WiredWX Christian Hobby Weather Tools

Antivirus Soft Removal

Hello,

My name is Lowelles309, and I have an existing topic that I need help to resolve. A few days ago I picked up a virus called Antivirus soft and I have had difficulty in getting my machine to work since. I have reviewed some of the topics but I still need a little direction. Can someone please help me remove this virus?

I am running Vista 64 bit on a Dell Inspiron.

Thank you, Lowelles309

Re: Antivirus Soft Removal

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

............................................................................................

Site Admin / Security Administrator

- Please PM me if I fail to respond within 24hrs.

Antivirus Soft removal

Hello Belahzur,

Thank you for your help. As suggested, I will make two posts using this thread.

==============================================================================

OTL logfile created on: 3/27/2010 6:05:15 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Lowell\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 64.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.02 Gb Total Space | 197.34 Gb Free Space | 69.73% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 7.70 Gb Free Space | 51.33% Space Free | Partition Type: NTFS
Drive E: | 77.61 Gb Total Space | 67.63 Gb Free Space | 87.15% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive G: | 77.61 Gb Total Space | 77.43 Gb Free Space | 99.76% Space Free | Partition Type: NTFS
Drive H: | 77.61 Gb Total Space | 74.40 Gb Free Space | 95.86% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive J: | 18.58 Gb Total Space | 16.67 Gb Free Space | 89.74% Space Free | Partition Type: FAT32

Computer Name: LOWELL-PC
Current User Name: Lowell
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/27 18:03:07 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Lowell\Desktop\OTL.exe
PRC - [2010/03/18 09:24:54 | 001,284,096 | ---- | M] () -- C:\Program Files (x86)\Antivirus Soft Basic\avsoft.exe
PRC - [2009/12/21 19:35:18 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2009/10/08 08:43:08 | 001,511,424 | ---- | M] (Chapura®️, Inc) -- C:\Program Files (x86)\Chapura\Chapura SyncManager\SyncMgr.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/05/04 14:17:18 | 000,479,232 | ---- | M] (RingCentral, Inc.) -- C:\Program Files (x86)\RingCentral\RingCentral Call Controller\RCUI.exe
PRC - [2009/05/04 14:15:16 | 000,032,768 | ---- | M] (RingCentral, Inc.) -- C:\Program Files (x86)\RingCentral\RingCentral Call Controller\RCHotKey.exe
PRC - [2009/02/04 20:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/12/02 21:41:54 | 003,882,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2008/10/02 11:23:16 | 000,546,288 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2008/08/27 19:30:04 | 000,152,824 | ---- | M] (CardScan, Inc.) -- C:\Program Files (x86)\Corex\CardScan\CardScanAgent.exe
PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/01/03 19:28:08 | 001,392,640 | R--- | M] (PalmSource, Inc) -- C:\Program Files (x86)\palmOne\Hotsync.exe
PRC - [2006/04/18 02:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
PRC - [2005/09/12 17:00:40 | 000,266,240 | ---- | M] (Philips) -- C:\Windows\SysWOW64\drivers\Tray900.exe
PRC - [2005/09/12 17:00:24 | 000,155,648 | ---- | M] (Philips) -- C:\Windows\SysWOW64\drivers\Phibtn.exe
PRC - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE


========== Modules (SafeList) ==========

MOD - [2010/03/27 18:03:07 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Lowell\Desktop\OTL.exe
MOD - [2009/04/11 01:28:21 | 002,241,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll
MOD - [2009/04/11 01:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2008/01/20 21:48:21 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc_os.dll
MOD - [2006/11/02 04:46:13 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc.dll
MOD - [2006/11/02 04:46:07 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msiltcfg.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/09/24 20:26:26 | 001,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/04/11 02:11:27 | 000,252,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/04/11 02:11:14 | 000,604,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/04/11 02:11:04 | 001,149,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/03/30 17:19:56 | 002,297,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2009/03/30 06:24:30 | 000,948,736 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/01/20 21:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/01/20 21:47:07 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fxssvc.exe -- (Fax)
SRV:64bit: - [2008/01/20 21:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/05/29 18:47:44 | 000,020,480 | ---- | M] (Oki Data Corporation) [Auto | Running] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\OPHALDCS.EXE -- (DCSLoader)
SRV - [2009/08/10 12:40:58 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/29 23:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/12/31 23:50:57 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2006/11/02 08:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 01:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 01:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2006/04/18 02:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/03/04 13:50:18 | 000,321,568 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/28 13:26:52 | 001,152,000 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/04/11 02:15:30 | 000,160,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\fvevol.sys -- (fvevol)
DRV:64bit: - [2009/04/11 00:39:51 | 000,275,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/04/11 00:39:34 | 000,098,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaudio.sys -- (usbaudio)
DRV:64bit: - [2009/04/10 23:56:24 | 000,460,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/03/30 06:24:34 | 005,263,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2009/03/30 06:24:34 | 005,263,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/01/13 06:12:14 | 000,226,832 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2008/12/04 08:17:15 | 000,797,184 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WUSB54GCv3.sys -- (WUSB54GCv3)
DRV:64bit: - [2008/01/20 21:46:02 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel(R)
DRV:64bit: - [2008/01/20 21:46:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2007/11/14 02:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/04/23 15:44:12 | 001,533,952 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\camdrv42.sys -- (camdrv42)
DRV - [2009/07/23 10:16:55 | 000,000,000 | ---D | M] [Kernel | System | Running] -- C:\Windows\CSC -- (CSC)
DRV - [2009/02/04 20:26:38 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/07/23 16:01:04] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl -- ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7})
DRV - [2006/09/18 16:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 16:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 59 7F D0 73 FF 9D CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\1.bin File not found


O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll (Google Inc.)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CardScanAgent] C:\Program Files (x86)\Corex\CardScan\CardScanAgent.exe (CardScan, Inc.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PhiBtn] C:\Windows\SysWOW64\drivers\Phibtn.exe (Philips)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrayMin900] C:\Windows\SysWOW64\drivers\Tray900.exe (Philips)
O4 - HKCU..\Run: [avsoft] C:\Program Files (x86)\Antivirus Soft Basic\avsoft.exe ()
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Pareto_Update] C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\Pareto_Update.exe ()
O4 - HKCU..\Run: [RCHotKey] C:\Program Files (x86)\RingCentral\RingCentral Call Controller\RCHotKey.exe (RingCentral, Inc.)
O4 - HKCU..\Run: [RCUI] C:\Program Files (x86)\RingCentral\RingCentral Call Controller\RCUI.exe (RingCentral, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Lowell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.134 68.87.72.134
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37:64bit: - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/03/27 18:03:05 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\Lowell\Desktop\OTL.exe
[2010/03/27 16:07:13 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/03/27 13:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\SITEguard
[2010/03/27 13:00:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\iS3
[2010/03/27 13:00:48 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2010/03/27 00:23:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010/03/27 00:17:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2010/03/27 00:17:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell
[2010/03/27 00:17:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell
[2010/03/27 00:16:58 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2010/03/27 00:15:13 | 000,877,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gpprefcl.dll
[2010/03/27 00:15:11 | 000,675,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gpprefcl.dll
[2010/03/27 00:14:25 | 000,275,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DreamScene.dll
[2010/03/27 00:14:14 | 000,000,000 | ---D | C] -- C:\Program Files\BitLocker
[2010/03/27 00:12:49 | 001,343,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SecureKeyBackupCPL.dll
[2010/03/26 15:04:52 | 000,000,000 | ---D | C] -- C:\Users\Lowell\Desktop\Book on CD Union Atlantic
[2010/03/23 10:30:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Antivirus Soft Basic
[2010/03/23 00:40:31 | 000,000,000 | ---D | C] -- C:\Users\Lowell\AppData\Local\cpkspq
[2010/03/22 22:22:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/03/22 22:22:05 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/03/22 22:22:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/03/22 22:22:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/03/22 19:00:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/03/22 18:54:14 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2010/03/22 18:54:14 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2010/03/22 18:54:14 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2010/03/22 18:53:13 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/03/22 18:52:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/03/22 18:52:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/03/22 18:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/03/22 18:36:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ParetoLogic
[2010/03/22 18:32:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/03/22 18:31:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/03/18 18:23:56 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/03/18 18:07:57 | 000,000,000 | ---D | C] -- C:\Users\Lowell\AppData\Roaming\Google
[2010/03/18 18:04:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\%ProgramW6432%
[2010/03/18 18:04:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010/03/10 04:04:16 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshhttp.dll
[2010/03/10 04:04:16 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll
[2010/03/10 04:04:14 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpapi.dll
[2010/03/10 04:04:14 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2010/03/04 13:50:18 | 000,321,568 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rtlh64.sys
[2010/02/26 13:20:54 | 000,000,000 | ---D | C] -- C:\Users\Lowell\AppData\Local\BritLite
[2009/07/29 12:38:17 | 008,270,752 | ---- | C] (Dell, Inc. ) -- C:\Users\Lowell\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2010/03/27 18:07:21 | 003,670,016 | -HS- | M] () -- C:\Users\Lowell\ntuser.dat
[2010/03/27 18:07:07 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BCF947C3-FF94-422E-8AF0-22B947461F60}.job
[2010/03/27 18:03:07 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Lowell\Desktop\OTL.exe
[2010/03/27 18:00:00 | 000,000,468 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2010/03/27 17:39:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/27 16:30:39 | 000,147,832 | ---- | M] () -- C:\Users\Lowell\Desktop\profiles.exe
[2010/03/27 16:17:57 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/27 16:17:57 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/27 16:17:56 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/27 16:17:54 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/27 16:17:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/27 16:17:48 | 4294,041,600 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/27 16:16:27 | 000,524,288 | -HS- | M] () -- C:\Users\Lowell\ntuser.dat{681cb780-0449-11df-ab25-0024e82142ba}.TMContainer00000000000000000001.regtrans-ms
[2010/03/27 16:16:27 | 000,065,536 | -HS- | M] () -- C:\Users\Lowell\ntuser.dat{681cb780-0449-11df-ab25-0024e82142ba}.TM.blf
[2010/03/27 16:16:25 | 002,508,355 | -H-- | M] () -- C:\Users\Lowell\AppData\Local\IconCache.db
[2010/03/27 13:31:54 | 000,017,448 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2010/03/27 13:07:29 | 000,001,806 | ---- | M] () -- C:\Users\Lowell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2010/03/27 12:46:09 | 000,770,118 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/03/27 12:46:09 | 000,650,922 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/03/27 12:46:09 | 000,122,692 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/03/27 12:18:30 | 000,006,836 | ---- | M] () -- C:\Users\Lowell\AppData\Local\d3d9caps.dat
[2010/03/27 00:40:44 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/03/27 00:33:02 | 000,000,442 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2010/03/27 00:17:14 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\DriverCure.job
[2010/03/24 18:02:25 | 000,161,071 | ---- | M] () -- C:\Users\Lowell\Desktop\FURNITURE HOLD HARMLESS 5542 WHITEHEAD[1][1].pdf
[2010/03/22 22:21:45 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deploytk.dll
[2010/03/22 22:21:45 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/03/22 22:21:45 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/03/22 22:21:45 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/03/22 18:57:33 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/03/22 18:52:37 | 000,001,793 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/03/18 22:14:04 | 000,013,697 | ---- | M] () -- C:\Users\Lowell\Desktop\Battery Mart - 031810.pdf
[2010/03/04 13:50:18 | 000,321,568 | ---- | M] (Realtek ) -- C:\Windows\SysNative\drivers\Rtlh64.sys

========== Files Created - No Company Name ==========

[2010/03/27 16:30:39 | 000,147,832 | ---- | C] () -- C:\Users\Lowell\Desktop\profiles.exe
[2010/03/27 16:11:08 | 4294,041,600 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/27 16:07:34 | 000,001,828 | ---- | C] () -- C:\Users\Lowell\AppData\Local\dd_vcredistMSI4E8A.txt
[2010/03/27 16:07:32 | 000,011,440 | ---- | C] () -- C:\Users\Lowell\AppData\Local\dd_vcredistUI4E8A.txt
[2010/03/27 16:07:32 | 000,010,638 | ---- | C] () -- C:\Users\Lowell\AppData\Local\dd_vcredistUI4E8B.txt
[2010/03/27 13:07:37 | 000,017,448 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2010/03/27 00:12:50 | 000,000,711 | ---- | C] () -- C:\Windows\SysNative\CPSOKBTasks.xml
[2010/03/24 18:02:25 | 000,161,071 | ---- | C] () -- C:\Users\Lowell\Desktop\FURNITURE HOLD HARMLESS 5542 WHITEHEAD[1][1].pdf
[2010/03/22 19:00:24 | 000,002,413 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/03/22 18:57:33 | 000,001,866 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/03/22 18:52:37 | 000,001,793 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/03/22 18:36:43 | 000,000,468 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2010/03/22 18:36:39 | 000,000,406 | ---- | C] () -- C:\Windows\tasks\DriverCure.job
[2010/03/22 18:36:35 | 000,000,442 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2010/03/18 22:14:04 | 000,013,697 | ---- | C] () -- C:\Users\Lowell\Desktop\Battery Mart - 031810.pdf
[2010/03/18 18:24:13 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/18 18:24:12 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/12 17:45:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/12 18:01:32 | 000,000,094 | ---- | C] () -- C:\Windows\family.ini
[2009/11/10 14:45:34 | 000,001,460 | ---- | C] () -- C:\Users\Lowell\AppData\Local\d3d9caps64.dat
[2009/10/27 17:54:21 | 000,722,342 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/09/22 12:19:24 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/22 12:17:11 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/22 14:05:00 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2009/08/22 14:03:08 | 000,000,044 | ---- | C] () -- C:\Windows\EP_SPR380.ini
[2009/08/19 11:27:11 | 000,000,000 | ---- | C] () -- C:\Users\Lowell\AppData\Roaming\wklnhst.dat
[2009/08/07 09:29:21 | 000,006,836 | ---- | C] () -- C:\Users\Lowell\AppData\Local\d3d9caps.dat
[2009/07/31 11:43:50 | 000,016,896 | ---- | C] () -- C:\Users\Lowell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/29 14:23:24 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/01/20 21:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >

Re: Antivirus Soft Removal

Hey Belahzur,

This is the second log, Extras.txt.

===============================================================================
OTL Extras logfile created on: 3/27/2010 6:05:16 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Lowell\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 64.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.02 Gb Total Space | 197.34 Gb Free Space | 69.73% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 7.70 Gb Free Space | 51.33% Space Free | Partition Type: NTFS
Drive E: | 77.61 Gb Total Space | 67.63 Gb Free Space | 87.15% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive G: | 77.61 Gb Total Space | 77.43 Gb Free Space | 99.76% Space Free | Partition Type: NTFS
Drive H: | 77.61 Gb Total Space | 74.40 Gb Free Space | 95.86% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive J: | 18.58 Gb Total Space | 16.67 Gb Free Space | 89.74% Space Free | Partition Type: FAT32

Computer Name: LOWELL-PC
Current User Name: Lowell
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- Reg Error: Value error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]
"VistaSp2" = BB 8B 48 DB 39 3D CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"UpdatesDisableNotify" = 0
"FirstRunDisabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1A216D44-179A-46A6-A6FF-4CBD69CB1975}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{1A4B0997-4071-483C-806E-F37AAD02B5DE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{32B52420-C664-4A30-B6FE-D960756E74E5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{375B0039-240D-42A7-A767-1A589F03C78E}" = rport=139 | protocol=6 | dir=out | app=system |
"{3BB6F79F-CCA5-47DF-8006-1CF021847ABD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{448200A7-23DE-44FA-BE84-4806A7E8DB23}" = lport=445 | protocol=6 | dir=in | app=system |
"{45AE7C93-8EAA-4AFE-8917-CA0BC7236074}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{4753D5A7-2946-405D-AA9A-3453EAD8EDE0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{601E00D9-D847-4C68-B55B-4D22B9884FD8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{614657C9-9A9C-41F1-9AA3-FDE097A55B8C}" = lport=137 | protocol=17 | dir=in | app=system |
"{83518D10-2E7E-4B41-9290-AF021B192BD7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{87C9FCB0-21EA-49F9-A6ED-F2DF33DCE033}" = rport=138 | protocol=17 | dir=out | app=system |
"{8BA5C965-953A-4733-96B5-0E511E9EA020}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9273F009-2A48-4E2E-AE9D-67246D1351A3}" = lport=138 | protocol=17 | dir=in | app=system |
"{A01DAC62-981E-42EE-B041-A7421EAF71A7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AE2B5BFB-521F-4401-AC3F-262CB0A7CDBF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BB7869BA-F538-43E3-9946-E619988ED475}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D783EF22-6D20-4F40-8C9B-2FA3C2678B30}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D81FCF16-E58B-4A90-B543-9467675A9788}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EC2F5F79-C0E9-4611-BA91-3817AF298667}" = rport=445 | protocol=6 | dir=out | app=system |
"{F209DACD-9706-42C1-B409-34C9DC6CB35E}" = lport=139 | protocol=6 | dir=in | app=system |
"{FDD41A0F-800E-4078-A13E-F2095CBB0B85}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{094E869D-09B3-4D74-A1E8-5D6C6B132D86}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{11262BB0-D1DE-4A9F-B992-C028630AE180}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{117ACC1C-F151-4632-B2F8-8E61262EE6CB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{18A5D82C-94FB-4D88-92CA-23DD1F9652FB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1C510717-1F0B-4EEB-9110-2B874EF58674}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{20DD816C-FF74-4A9E-904B-A94F17E43EF1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{24C40FC0-E883-48E1-ACAC-562EB43063F0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{27CCB9E6-7DC2-42B3-863B-1FA33DF55C91}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2A674D10-FCF2-4741-9929-D149DBD74E49}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"{2B338A3C-E722-4566-8662-9A691C883068}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{2B94E2D3-71B0-42DA-AC88-2FB4F474262D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{310F49E3-481E-4E70-9AF3-0F84D2119C52}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{41FB6339-21AB-4096-94E5-3F6DE7876B35}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{44158468-0A6A-48D5-BF69-ABAB8AD638EC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{48637A36-4288-4FC4-8EAA-8CD7F7B332A6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4ABBB8A1-4ABE-45CE-844E-84BBF9107B18}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |
"{4E23918A-7FAA-42DD-A25F-236A0E9EAD91}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{4ECF66FE-C618-4D9B-A866-99EB794CB7E1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{60A0C51A-9D88-44C2-A08E-DCB9FDC5B668}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6281205E-C2C2-4F2B-BB6A-FA1FB803F598}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7283BEE0-03E2-4C12-8E4D-4B6D855803A7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"{78BB082C-4AC9-44B0-AE40-1937F5A0F3E2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7998E5D6-B080-4258-8811-D656726FFF33}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{826E2A96-2DD1-4A40-98CB-F09FC14E7264}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A10033A0-5D9E-404D-9D63-7970801FBEE9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A307FE56-0374-4965-AC4C-06CC02D68442}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AA3BA507-9B05-4997-A4A2-29F3B657446C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"{AA844B4E-1443-4A3B-A69C-3063FD7267D8}" = protocol=6 | dir=out | app=system |
"{AA9BCD5E-4A77-4A88-ACA8-27AB00DB0D19}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B4B93157-11A6-406B-92B3-CF18D3F5519E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"{BEB379E7-D276-4490-9FB8-A7FC248CF5D0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C0D94C9A-2146-48B4-A4BF-D280BB3B1500}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{C4D398AC-1F1A-4BC5-AF18-94763ED27FE4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C6346F9C-1E03-4544-8727-9C3D4639834D}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{C82AF07D-740B-496A-AFA6-B5834D0F18DD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CBCEE733-26D8-49F8-88A0-C0176D944C41}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D08536AE-56CB-4E99-88BD-03F2E5EEC6A4}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{F5AA9D24-CAB8-4268-B5D4-B360FCFE5B99}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{3EEFFA6A-F9BB-4003-8023-C6507A36F81E}C:\program files (x86)\ringcentral\ringcentral call controller\rcui.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ringcentral\ringcentral call controller\rcui.exe |
"TCP Query User{A126E2AB-A6A1-4314-A76E-E68F78C84D3C}F:\autorun.exe" = protocol=6 | dir=in | app=f:\autorun.exe |
"TCP Query User{A276C242-3692-4241-8FE4-CDA9733406A7}C:\program files (x86)\ringcentral\ringcentral call controller\rcui.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ringcentral\ringcentral call controller\rcui.exe |
"TCP Query User{AC2C1382-08AE-481B-92FE-E958DAB3010A}C:\program files (x86)\chapura\chapura syncmanager\syncmgr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\chapura\chapura syncmanager\syncmgr.exe |
"TCP Query User{E68072F6-2046-4F70-A4F4-C7A3BF180850}C:\windows\system32\spool\drivers\x64\3\e_dupa10.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\e_dupa10.exe |
"TCP Query User{FA557B28-03A4-4C49-9E46-22FDC5733403}C:\program files (x86)\chapura\chapura syncmanager\syncmgr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\chapura\chapura syncmanager\syncmgr.exe |
"UDP Query User{08F86463-9EED-474E-A28D-A1634C7F7BF5}C:\program files (x86)\chapura\chapura syncmanager\syncmgr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\chapura\chapura syncmanager\syncmgr.exe |
"UDP Query User{31EBEB41-8AF5-40EE-854C-631FD88908F8}C:\program files (x86)\chapura\chapura syncmanager\syncmgr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\chapura\chapura syncmanager\syncmgr.exe |
"UDP Query User{6186FD9F-F415-4FF7-B7E7-24790C8FFA53}C:\program files (x86)\ringcentral\ringcentral call controller\rcui.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ringcentral\ringcentral call controller\rcui.exe |
"UDP Query User{8D0E6D3D-45A8-404E-8078-5F07E3E6853D}C:\windows\system32\spool\drivers\x64\3\e_dupa10.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\e_dupa10.exe |
"UDP Query User{ADD55188-55FF-441C-B252-AF948FD68A24}F:\autorun.exe" = protocol=17 | dir=in | app=f:\autorun.exe |
"UDP Query User{C6C737F0-EAF7-475D-BE67-44107BC180B3}C:\program files (x86)\ringcentral\ringcentral call controller\rcui.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ringcentral\ringcentral call controller\rcui.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{84BC87D4-0480-4E10-B15D-1E7886D55180}" = iTunes
"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On
"{B0EFB716-085B-4564-8060-212E41F5CE50}" = Windows Live ID Sign-in Assistant
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{E4C229B2-51E3-49E7-3A42-A3B695B4E56E}" = ccc-utility64
"{E78A769A-592F-4154-8277-07CC3BDCAAD8}" = MobileMe Control Panel
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"EPSON Printer and Utilities" = EPSON Printer Software
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"UltSounds" = Windows Sound Schemes

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{04D5E56E-F323-27F2-C075-EF1AE9A3CF2B}" = Catalyst Control Center Graphics Light
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07288267-318E-9B78-B04E-984F9149EE24}" = Catalyst Control Center Graphics Previews Common
"{07A8ED9E-B98E-437F-B750-241B412BE924}" = Garmin USB Drivers
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0B23ACC5-88A6-FEE4-0131-8777A1BA0B68}" = Catalyst Control Center Graphics Previews Vista
"{0CD81D7E-94E2-D230-E37E-C9B16E90D01C}" = CCC Help Italian
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{16A7FAD8-EE4F-C413-8359-833A3B2D39FB}" = CCC Help Portuguese
"{18364179-C5E5-F826-E2FC-D99D575AF997}" = Catalyst Control Center Localization All
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E0D8F69-A6AB-4934-9B2D-159D9F97BA4A}" = ParetoLogic DriverCure
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{220F6386-5D1F-4DA5-94DB-F12133C3AE2C}" = Philips SPC 900NC PC Camera
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{2C52D6EB-EE7E-45C4-AFB8-1242164A4A44}" = C5150n - C5200n Series GDI Driver from OKI®️ Printing Solutions for Windows
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{47C72DA6-E7AC-984C-5475-15A65F9B41BE}" = Catalyst Control Center Graphics Full New
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A918155-6399-4673-0D08-85A0DBEC1389}" = CCC Help Chinese Traditional
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4CB47111-82EB-4796-83AE-99B27A602BA6}" = CardScan 8.0.5
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4F93ABBE-5A1D-4D56-94CB-022F109FDE4D}" = Adobe Presenter 7
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{537791BE-B032-D116-0C59-13541E17BFEA}" = CCC Help English
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5614A167-5CB3-4C4C-8C0C-E5FACB3D953C}" = NETGEAR XE104 Powerline Encryption Utility
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66DAE8D7-D5F7-462F-5815-102EE4B191C4}" = CCC Help Korean
"{67635FB6-2F63-4FFB-830B-D4C01597EBA4}" = Microsoft Office Suite Activation Assistant
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6E81E3FE-8DE3-4C58-9F47-C3697887F1F4}_is1" = Chapura SyncManager
"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{763B809A-6874-5979-CD69-39491392262C}" = Catalyst Control Center InstallProxy
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CodecPackDivX" = DivXCodecPack

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/23/2010 2:12:35 AM | Computer Name = Lowell-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

Error - 3/23/2010 2:12:55 AM | Computer Name = Lowell-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

Error - 3/23/2010 2:12:55 AM | Computer Name = Lowell-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

Error - 3/23/2010 10:30:46 AM | Computer Name = Lowell-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

Error - 3/23/2010 10:30:46 AM | Computer Name = Lowell-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

Error - 3/23/2010 11:37:19 AM | Computer Name = Lowell-PC | Source = Microsoft Office 12 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.

Error - 3/23/2010 3:51:44 PM | Computer Name = Lowell-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

Error - 3/23/2010 3:51:44 PM | Computer Name = Lowell-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

Error - 3/23/2010 3:52:12 PM | Computer Name = Lowell-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

Error - 3/23/2010 3:52:12 PM | Computer Name = Lowell-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

[ Media Center Events ]
Error - 10/27/2009 1:29:44 PM | Computer Name = Lowell-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 11/8/2009 4:32:21 PM | Computer Name = Lowell-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 398
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/9/2009 3:25:29 PM | Computer Name = Lowell-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/9/2009 3:33:44 PM | Computer Name = Lowell-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/22/2009 10:34:15 PM | Computer Name = Lowell-PC | Source = DCOM | ID = 10005
Description =

Error - 9/22/2009 10:34:15 PM | Computer Name = Lowell-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 9/22/2009 10:34:15 PM | Computer Name = Lowell-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/22/2009 10:42:59 PM | Computer Name = Lowell-PC | Source = HTTP | ID = 15016
Description =


< End of report >

Re: Antivirus Soft Removal
Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    PRC - [2010/03/18 09:24:54 | 001,284,096 | ---- | M] () -- C:\Program Files (x86)\Antivirus Soft Basic\avsoft.exe
    FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\1.bin File not found
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKCU..\Run: [avsoft] C:\Program Files (x86)\Antivirus Soft Basic\avsoft.exe ()
    [2010/03/23 10:30:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Antivirus Soft Basic
    [2010/03/23 00:40:31 | 000,000,000 | ---D | C] -- C:\Users\Lowell\AppData\Local\cpkspq


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Re: Antivirus Soft Removal
Hello Belahzur,

Thank you for your help!

========== OTL ==========
No active process named avsoft.exe was found!
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\avsoft not found.
File C:\Program Files (x86)\Antivirus Soft Basic\avsoft.exe not found.
Folder C:\Program Files (x86)\Antivirus Soft Basic\ not found.
Folder C:\Users\Lowell\AppData\Local\cpkspq\ not found.

OTL by OldTimer - Version 3.1.37.3 log created on 03282010_112726

Re: Antivirus Soft Removal
Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Re: Antivirus Soft Removal
Hey Belahzur,

Here are the MBAM Log results from my scan.

Thank you,
Lowelles309

Malwarebytes' Anti-Malware 1.44
Database version: 3923
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

3/28/2010 12:59:47 PM
mbam-log-2010-03-28 (12-59-47).txt

Scan type: Quick Scan
Objects scanned: 108294
Time elapsed: 3 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Antivirus Soft Removal
Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


Re: Antivirus Soft Removal
Belahzur,

I ran the scan as instructed and there were no infections. I still have Antivirus Soft on my computer. Is there anything else that we can try?

Lowelles309

Re: Antivirus Soft Removal
Please re-run MBAM.


Re: Antivirus Soft Removal
Belahzur,

I re-ran the MBAM again and have attached the log. I will await further instructions.

Thanks,
Lowelles309

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

3/29/2010 5:39:45 PM
mbam-log-2010-03-29 (17-39-45).txt

Scan type: Full scan (C:\|D:\|E:\|G:\|H:\|)
Objects scanned: 279485
Time elapsed: 57 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\D (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\D.1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e55c05b2-8dd9-3c8e-b449-3fbc1eaeae7f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e55c05b2-8dd9-3c8e-b449-3fbc1eaeae7f} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\mi10407.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\mi10407.dll (Trojan.BHO) -> Quarantined and deleted successfully.
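
The full-scan log above gives a block of per-section counts followed by the itemised detections. As an added example (not part of the original posts, and not Malwarebytes code), the Python below parses a log in that layout, checks that each summary count matches the itemised lines, and flags detections that sit in autostart-related registry locations. The function names, the marker table and the rule that any action without "successfully" needs follow-up are assumptions of this example.

```python
import re
from collections import Counter

# Abridged copy of the full-scan log posted above (some empty sections dropped).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.45
Database version: 3930

Scan type: Full scan (C:\|D:\|E:\|G:\|H:\|)
Objects scanned: 279485

Memory Processes Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\D (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\D.1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e55c05b2-8dd9-3c8e-b449-3fbc1eaeae7f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e55c05b2-8dd9-3c8e-b449-3fbc1eaeae7f} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\mi10407.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\mi10407.dll (Trojan.BHO) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# Object may itself contain parentheses, e.g. "C:\Program Files (x86)\...";
# the detection name is the last parenthesised group before " -> ".
ITEM_RE = re.compile(r"^(?P<object>.+) \((?P<name>[^()]+)\) -> (?P<action>.+)$")

# Assumption of this example: substrings that mark autostart-related locations.
AUTOSTART_MARKERS = {
    "image file execution options": "IFEO (per-executable launch hijack)",
    "browser helper objects": "Internet Explorer BHO",
    r"currentversion\run": "Run key",
}


def parse_mbam_log(text):
    """Return (summary_counts, items) from a log in the layout shown above."""
    summary, items, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["section"]] = int(m["count"])
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m["section"]
            continue
        if section is None or line.startswith("(No malicious"):
            continue  # banner lines, or an explicitly empty section
        m = ITEM_RE.match(line)
        if m:
            items.append({"section": section, **m.groupdict()})
    return summary, items


def count_mismatches(summary, items):
    """Sections whose summary count differs from the itemised lines.

    A mismatch usually means the pasted log was truncated or edited.
    """
    listed = Counter(item["section"] for item in items)
    return {s: (n, listed.get(s, 0))
            for s, n in summary.items() if n != listed.get(s, 0)}


def triage(items):
    """Group detections by name, flag autostart locations and unfinished removals."""
    report = {"by_name": Counter(), "autostart": [], "unresolved": []}
    for item in items:
        report["by_name"][item["name"]] += 1
        lowered = item["object"].lower()
        for marker, label in AUTOSTART_MARKERS.items():
            if marker in lowered:
                report["autostart"].append((label, item["object"]))
        # Assumption: only actions reported as successful count as resolved.
        if "successfully" not in item["action"].lower():
            report["unresolved"].append(item["object"])
    return report


if __name__ == "__main__":
    summary, items = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(summary, items))
    report = triage(items)
    for name, n in report["by_name"].most_common():
        print(f"{n} x {name}")
    for label, obj in report["autostart"]:
        print(f"autostart [{label}]: {obj}")
    print("needs follow-up:", report["unresolved"])
```
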

Re: Antivirus Soft Removal
Hmmm, please re-run OTL as well, post the new OTL.txt log.


Re: Antivirus Soft Removal
Mr. Belahzur,

I have re-run OTL and have pasted the results as requested. Again, thank you.

OTL logfile created on: 3/30/2010 10:33:09 AM - Run 2
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Lowell\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 52.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.02 Gb Total Space | 198.99 Gb Free Space | 70.31% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 7.70 Gb Free Space | 51.33% Space Free | Partition Type: NTFS
Drive E: | 77.61 Gb Total Space | 67.62 Gb Free Space | 87.13% Space Free | Partition Type: NTFS
Drive F: | 265.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 77.61 Gb Total Space | 77.43 Gb Free Space | 99.76% Space Free | Partition Type: NTFS
Drive H: | 77.61 Gb Total Space | 74.40 Gb Free Space | 95.86% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive J: | 18.58 Gb Total Space | 16.67 Gb Free Space | 89.74% Space Free | Partition Type: FAT32

Computer Name: LOWELL-PC
Current User Name: Lowell
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/27 18:03:07 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Lowell\Desktop\OTL.exe
PRC - [2010/03/18 18:17:47 | 000,298,608 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2009/12/21 19:35:18 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2009/11/24 12:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2009/10/08 08:43:08 | 001,511,424 | ---- | M] (Chapura®️, Inc) -- C:\Program Files (x86)\Chapura\Chapura SyncManager\SyncMgr.exe
PRC - [2009/08/10 12:40:58 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/05/04 14:17:18 | 000,479,232 | ---- | M] (RingCentral, Inc.) -- C:\Program Files (x86)\RingCentral\RingCentral Call Controller\RCUI.exe
PRC - [2009/05/04 14:15:16 | 000,032,768 | ---- | M] (RingCentral, Inc.) -- C:\Program Files (x86)\RingCentral\RingCentral Call Controller\RCHotKey.exe
PRC - [2009/02/04 20:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/12/02 21:41:54 | 003,882,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2008/10/02 11:23:16 | 000,546,288 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2008/08/27 19:30:04 | 000,152,824 | ---- | M] (CardScan, Inc.) -- C:\Program Files (x86)\Corex\CardScan\CardScanAgent.exe
PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/01/03 19:28:08 | 001,392,640 | R--- | M] (PalmSource, Inc) -- C:\Program Files (x86)\palmOne\Hotsync.exe
PRC - [2006/04/18 02:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
PRC - [2005/09/12 17:00:40 | 000,266,240 | ---- | M] (Philips) -- C:\Windows\SysWOW64\drivers\Tray900.exe
PRC - [2005/09/12 17:00:24 | 000,155,648 | ---- | M] (Philips) -- C:\Windows\SysWOW64\drivers\Phibtn.exe
PRC - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE


========== Modules (SafeList) ==========

MOD - [2010/03/27 18:03:07 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Lowell\Desktop\OTL.exe
MOD - [2009/04/11 01:28:21 | 002,241,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll
MOD - [2009/04/11 01:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2008/01/20 21:48:21 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc_os.dll
MOD - [2006/11/02 04:46:13 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc.dll
MOD - [2006/11/02 04:46:07 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msiltcfg.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/09/24 20:26:26 | 001,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/04/11 02:11:27 | 000,252,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/04/11 02:11:14 | 000,604,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/04/11 02:11:04 | 001,149,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/03/30 17:19:56 | 002,297,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2009/03/30 06:24:30 | 000,948,736 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/01/20 21:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/01/20 21:47:07 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fxssvc.exe -- (Fax)
SRV:64bit: - [2008/01/20 21:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/05/29 18:47:44 | 000,020,480 | ---- | M] (Oki Data Corporation) [Auto | Running] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\OPHALDCS.EXE -- (DCSLoader)
SRV - [2009/08/10 12:40:58 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/29 23:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/12/31 23:50:57 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2006/11/02 08:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 01:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 01:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2006/04/18 02:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/03/04 13:50:18 | 000,321,568 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/28 13:26:52 | 001,152,000 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/04/11 02:15:30 | 000,160,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\fvevol.sys -- (fvevol)
DRV:64bit: - [2009/04/11 00:39:51 | 000,275,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/04/11 00:39:34 | 000,098,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaudio.sys -- (usbaudio)
DRV:64bit: - [2009/04/10 23:56:24 | 000,460,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/03/30 06:24:34 | 005,263,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2009/03/30 06:24:34 | 005,263,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/01/13 06:12:14 | 000,226,832 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2008/12/04 08:17:15 | 000,797,184 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WUSB54GCv3.sys -- (WUSB54GCv3)
DRV:64bit: - [2008/01/20 21:46:02 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel(R)
DRV:64bit: - [2008/01/20 21:46:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2007/11/14 02:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/04/23 15:44:12 | 001,533,952 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\camdrv42.sys -- (camdrv42)
DRV - [2009/07/23 10:16:55 | 000,000,000 | ---D | M] [Kernel | System | Running] -- C:\Windows\CSC -- (CSC)
DRV - [2009/02/04 20:26:38 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/07/23 16:01:04] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl -- ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7})
DRV - [2006/09/18 16:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 16:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 37 C9 57 17 C0 CE CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1



O1 HOSTS File: ([2010/03/28 16:12:28 | 000,000,743 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll (Google Inc.)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CardScanAgent] C:\Program Files (x86)\Corex\CardScan\CardScanAgent.exe (CardScan, Inc.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PhiBtn] C:\Windows\SysWOW64\drivers\Phibtn.exe (Philips)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrayMin900] C:\Windows\SysWOW64\drivers\Tray900.exe (Philips)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Pareto_Update] C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\Pareto_Update.exe ()
O4 - HKCU..\Run: [RCHotKey] C:\Program Files (x86)\RingCentral\RingCentral Call Controller\RCHotKey.exe (RingCentral, Inc.)
O4 - HKCU..\Run: [RCUI] C:\Program Files (x86)\RingCentral\RingCentral Call Controller\RCUI.exe (RingCentral, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Lowell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Deployer http://www.enigmasoftware.com/download_scanner/activex/shsafeinstall.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.134 68.87.72.134
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37:64bit: - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/03/28 22:37:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/03/28 16:41:22 | 000,000,000 | ---D | C] -- C:\Users\Lowell\Documents\Simply Super Software
[2010/03/28 16:41:16 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ztvcabinet.dll
[2010/03/28 16:41:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2010/03/28 16:41:15 | 000,000,000 | ---D | C] -- C:\Users\Lowell\AppData\Roaming\Simply Super Software
[2010/03/28 16:41:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2010/03/28 16:12:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Enigma Software Group
[2010/03/28 11:23:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/27 18:03:05 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\Lowell\Desktop\OTL.exe
[2010/03/27 16:07:13 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/03/27 13:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\SITEguard
[2010/03/27 13:00:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\iS3
[2010/03/27 13:00:48 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2010/03/27 00:23:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010/03/27 00:17:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2010/03/27 00:17:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell
[2010/03/27 00:17:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell
[2010/03/27 00:16:58 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2010/03/27 00:15:13 | 000,877,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gpprefcl.dll
[2010/03/27 00:15:11 | 000,675,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gpprefcl.dll
[2010/03/27 00:14:25 | 000,275,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DreamScene.dll
[2010/03/27 00:14:14 | 000,000,000 | ---D | C] -- C:\Program Files\BitLocker
[2010/03/27 00:12:49 | 001,343,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SecureKeyBackupCPL.dll
[2010/03/26 15:04:52 | 000,000,000 | ---D | C] -- C:\Users\Lowell\Desktop\Book on CD Union Atlantic
[2010/03/22 22:22:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/03/22 22:22:05 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/03/22 22:22:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/03/22 22:22:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/03/22 19:00:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/03/22 18:54:14 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2010/03/22 18:54:14 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2010/03/22 18:54:14 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2010/03/22 18:53:13 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/03/22 18:52:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/03/22 18:52:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/03/22 18:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/03/22 18:36:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ParetoLogic
[2010/03/22 18:32:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/03/22 18:31:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/03/18 18:23:56 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/03/18 18:07:57 | 000,000,000 | ---D | C] -- C:\Users\Lowell\AppData\Roaming\Google
[2010/03/18 18:04:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\%ProgramW6432%
[2010/03/18 18:04:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010/03/10 04:04:16 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshhttp.dll
[2010/03/10 04:04:16 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll
[2010/03/10 04:04:14 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpapi.dll
[2010/03/10 04:04:14 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2010/03/04 13:50:18 | 000,321,568 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rtlh64.sys
[2009/07/29 12:38:17 | 008,270,752 | ---- | C] (Dell, Inc. ) -- C:\Users\Lowell\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2010/03/30 10:34:17 | 003,670,016 | -HS- | M] () -- C:\Users\Lowell\ntuser.dat
[2010/03/30 10:16:03 | 000,054,152 | ---- | M] () -- C:\Users\Lowell\Desktop\Adobe error.jpg
[2010/03/30 09:43:59 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/30 09:43:59 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/30 09:39:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/30 08:48:25 | 000,000,735 | ---- | M] () -- C:\Users\Lowell\Desktop\account a.lnk
[2010/03/30 08:39:25 | 000,000,727 | ---- | M] () -- C:\Users\Lowell\Desktop\account.lnk
[2010/03/30 06:09:31 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BCF947C3-FF94-422E-8AF0-22B947461F60}.job
[2010/03/30 00:33:02 | 000,000,442 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2010/03/29 18:39:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/29 18:00:00 | 000,000,468 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2010/03/29 17:44:20 | 000,006,836 | ---- | M] () -- C:\Users\Lowell\AppData\Local\d3d9caps.dat
[2010/03/29 17:43:57 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/29 17:43:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/29 17:43:43 | 4294,041,600 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/29 17:42:27 | 000,524,288 | -HS- | M] () -- C:\Users\Lowell\ntuser.dat{681cb780-0449-11df-ab25-0024e82142ba}.TMContainer00000000000000000001.regtrans-ms
[2010/03/29 17:42:27 | 000,065,536 | -HS- | M] () -- C:\Users\Lowell\ntuser.dat{681cb780-0449-11df-ab25-0024e82142ba}.TM.blf
[2010/03/29 17:42:26 | 003,534,922 | -H-- | M] () -- C:\Users\Lowell\AppData\Local\IconCache.db
[2010/03/29 17:42:17 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\DriverCure.job
[2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/03/29 15:24:46 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/03/28 16:41:19 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2010/03/27 18:03:07 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Lowell\Desktop\OTL.exe
[2010/03/27 16:30:39 | 000,147,832 | ---- | M] () -- C:\Users\Lowell\Desktop\profiles.exe
[2010/03/27 13:31:54 | 000,017,448 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2010/03/27 13:07:29 | 000,001,806 | ---- | M] () -- C:\Users\Lowell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2010/03/27 12:46:09 | 000,770,118 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/03/27 12:46:09 | 000,650,922 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/03/27 12:46:09 | 000,122,692 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/03/27 00:40:44 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/03/24 18:02:25 | 000,161,071 | ---- | M] () -- C:\Users\Lowell\Desktop\FURNITURE HOLD HARMLESS 5542 WHITEHEAD[1][1].pdf
[2010/03/22 22:21:45 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deploytk.dll
[2010/03/22 22:21:45 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/03/22 22:21:45 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/03/22 22:21:45 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/03/22 18:57:33 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/03/22 18:52:37 | 000,001,793 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/03/18 22:14:04 | 000,013,697 | ---- | M] () -- C:\Users\Lowell\Desktop\Battery Mart - 031810.pdf
[2010/03/04 13:50:18 | 000,321,568 | ---- | M] (Realtek ) -- C:\Windows\SysNative\drivers\Rtlh64.sys

========== Files Created - No Company Name ==========

[2010/03/30 10:16:03 | 000,054,152 | ---- | C] () -- C:\Users\Lowell\Desktop\Adobe error.jpg
[2010/03/30 08:48:25 | 000,000,735 | ---- | C] () -- C:\Users\Lowell\Desktop\account a.lnk
[2010/03/30 08:39:25 | 000,000,727 | ---- | C] () -- C:\Users\Lowell\Desktop\account.lnk
[2010/03/28 16:41:19 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2010/03/28 16:41:16 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2010/03/28 16:41:16 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2010/03/28 16:41:16 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2010/03/28 16:41:16 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2010/03/27 16:30:39 | 000,147,832 | ---- | C] () -- C:\Users\Lowell\Desktop\profiles.exe
[2010/03/27 16:11:08 | 4294,041,600 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/27 16:07:34 | 000,001,828 | ---- | C] () -- C:\Users\Lowell\AppData\Local\dd_vcredistMSI4E8A.txt
[2010/03/27 16:07:32 | 000,011,440 | ---- | C] () -- C:\Users\Lowell\AppData\Local\dd_vcredistUI4E8A.txt
[2010/03/27 16:07:32 | 000,010,638 | ---- | C] () -- C:\Users\Lowell\AppData\Local\dd_vcredistUI4E8B.txt
[2010/03/27 13:07:37 | 000,017,448 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2010/03/27 00:12:50 | 000,000,711 | ---- | C] () -- C:\Windows\SysNative\CPSOKBTasks.xml
[2010/03/24 18:02:25 | 000,161,071 | ---- | C] () -- C:\Users\Lowell\Desktop\FURNITURE HOLD HARMLESS 5542 WHITEHEAD[1][1].pdf
[2010/03/22 19:00:24 | 000,002,413 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/03/22 18:57:33 | 000,001,866 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/03/22 18:52:37 | 000,001,793 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/03/22 18:36:43 | 000,000,468 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2010/03/22 18:36:39 | 000,000,406 | ---- | C] () -- C:\Windows\tasks\DriverCure.job
[2010/03/22 18:36:35 | 000,000,442 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2010/03/18 22:14:04 | 000,013,697 | ---- | C] () -- C:\Users\Lowell\Desktop\Battery Mart - 031810.pdf
[2010/03/18 18:24:13 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/18 18:24:12 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/12 17:45:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/12 18:01:32 | 000,000,094 | ---- | C] () -- C:\Windows\family.ini
[2009/11/10 14:45:34 | 000,001,460 | ---- | C] () -- C:\Users\Lowell\AppData\Local\d3d9caps64.dat
[2009/10/27 17:54:21 | 000,722,342 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/09/22 12:19:24 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/22 12:17:11 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/22 14:05:00 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2009/08/22 14:03:08 | 000,000,044 | ---- | C] () -- C:\Windows\EP_SPR380.ini
[2009/08/19 11:27:11 | 000,000,000 | ---- | C] () -- C:\Users\Lowell\AppData\Roaming\wklnhst.dat
[2009/08/07 09:29:21 | 000,006,836 | ---- | C] () -- C:\Users\Lowell\AppData\Local\d3d9caps.dat
[2009/07/31 11:43:50 | 000,016,896 | ---- | C] () -- C:\Users\Lowell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/29 14:23:24 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/01/20 21:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >

Re: Antivirus Soft Removal

Not seeing anything, please run one more MBAM scan.


Re: Antivirus Soft Removal

Hi Mr Belahzur,

I have completed a full scan with MBAM and I have pasted the log at the end of my note. The reason that I know that Antivirus Soft is still on my computer is because I cannot reinstall my AVG antivirus software. Every time I try I get a message that AVG cannot be installed until Antivirus Soft is removed.

Any help will be greatly appreciated.

Regards,

Lowelles309


===================================================

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3935

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

3/30/2010 6:59:46 PM
mbam-log-2010-03-30 (18-59-46).txt

Scan type: Full scan (C:\|D:\|E:\|G:\|H:\|)
Objects scanned: 281050
Time elapsed: 1 hour(s), 1 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Antivirus Soft Removal

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    Code:


    :regfind
    Antivirus Soft


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Re: Antivirus Soft Removal

Hey Belahzur,

I followed your instructions and have copied Download Mirror 1 results here:

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 09:47 on 31/03/2010 by Lowell (Administrator - Elevation successful)

========== regfind ==========

Searching for "Antivirus Soft"
[HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\9.0\AVGeneral\cRecentFiles\c4]
"tDIText"="/E/Lowell's/Lowell's Files/Lowell/wages & taxes/2008/2008 Real Estate Expenses/2008 Real Estate Recipts/NOD 32 Antivirus Software Renewal - 090208.pdf"
[HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\9.0\AVGeneral\cRecentFiles\c4]
"tDIText"="/E/Lowell's/Lowell's Files/Lowell/wages & taxes/2008/2008 Real Estate Expenses/2008 Real Estate Recipts/NOD 32 Antivirus Software Renewal - 090208.pdf"
[HKEY_USERS\S-1-5-21-2438932605-2095154723-919244287-1000\Software\Adobe\Adobe Acrobat\9.0\AVGeneral\cRecentFiles\c4]
"tDIText"="/E/Lowell's/Lowell's Files/Lowell/wages & taxes/2008/2008 Real Estate Expenses/2008 Real Estate Recipts/NOD 32 Antivirus Software Renewal - 090208.pdf"
[HKEY_USERS\S-1-5-21-2438932605-2095154723-919244287-1000\Software\Adobe\Adobe Acrobat\9.0\AVGeneral\cRecentFiles\c4]
"tDIText"="/E/Lowell's/Lowell's Files/Lowell/wages & taxes/2008/2008 Real Estate Expenses/2008 Real Estate Recipts/NOD 32 Antivirus Software Renewal - 090208.pdf"

-=End Of File=-

Here is the log for Download Mirror #2:

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 09:50 on 31/03/2010 by Lowell (Administrator - Elevation successful)

========== regfind ==========

Searching for "Antivirus Soft"
[HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\9.0\AVGeneral\cRecentFiles\c4]
"tDIText"="/E/Lowell's/Lowell's Files/Lowell/wages & taxes/2008/2008 Real Estate Expenses/2008 Real Estate Recipts/NOD 32 Antivirus Software Renewal - 090208.pdf"
[HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\9.0\AVGeneral\cRecentFiles\c4]
"tDIText"="/E/Lowell's/Lowell's Files/Lowell/wages & taxes/2008/2008 Real Estate Expenses/2008 Real Estate Recipts/NOD 32 Antivirus Software Renewal - 090208.pdf"
[HKEY_USERS\S-1-5-21-2438932605-2095154723-919244287-1000\Software\Adobe\Adobe Acrobat\9.0\AVGeneral\cRecentFiles\c4]
"tDIText"="/E/Lowell's/Lowell's Files/Lowell/wages & taxes/2008/2008 Real Estate Expenses/2008 Real Estate Recipts/NOD 32 Antivirus Software Renewal - 090208.pdf"
[HKEY_USERS\S-1-5-21-2438932605-2095154723-919244287-1000\Software\Adobe\Adobe Acrobat\9.0\AVGeneral\cRecentFiles\c4]
"tDIText"="/E/Lowell's/Lowell's Files/Lowell/wages & taxes/2008/2008 Real Estate Expenses/2008 Real Estate Recipts/NOD 32 Antivirus Software Renewal - 090208.pdf"

-=End Of File=-
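
Every hit in the two logs above falls inside the longer phrase "Antivirus Software" in an Adobe Acrobat recent-files entry. As an added example (not part of the original thread and not SystemLook's own code), this Python script parses regfind output in the layout shown above and separates whole-phrase matches from substring matches; the sample log is shortened from the posted one, and the `ExampleVendor` key is constructed for illustration.

```python
import re

# Constructed sample in the regfind layout seen above. The Acrobat entry is
# shortened from the posted log; the ExampleVendor key is invented, not an IoC.
SAMPLE_LOG = r'''========== regfind ==========
Searching for "Antivirus Soft"
[HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\9.0\AVGeneral\cRecentFiles\c4]
"tDIText"="/E/files/NOD 32 Antivirus Software Renewal - 090208.pdf"
[HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\9.0\AVGeneral\cRecentFiles\c4]
"tDIText"="/E/files/NOD 32 Antivirus Software Renewal - 090208.pdf"
[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\ConstructedKey]
"DisplayName"="Antivirus Soft"
-=End Of File=-
'''

TERM_RE = re.compile(r'^Searching for "(.*)"$')
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(.*?)"="(.*)"$')


def parse_regfind(log):
    """Return (term, hits); hits are unique (key, value_name, data) tuples."""
    term, key, hits = None, None, []
    for line in map(str.strip, log.splitlines()):
        if m := TERM_RE.match(line):
            term = m.group(1)
        elif m := KEY_RE.match(line):
            key = m.group(1)
        elif (m := VALUE_RE.match(line)) and key:
            hit = (key, m.group(1), m.group(2))
            if hit not in hits:  # the posted log repeats each entry
                hits.append(hit)
    return term, hits


def classify(term, hit):
    """'exact' if the term appears as a whole phrase, else 'substring'."""
    whole = re.compile(r'(?<!\w)' + re.escape(term) + r'(?!\w)', re.IGNORECASE)
    return 'exact' if any(whole.search(field) for field in hit) else 'substring'


def triage(log):
    """Return (verdict, key, data) for each unique hit in the log."""
    term, hits = parse_regfind(log)
    return [(classify(term, h), h[0], h[2]) for h in hits]


if __name__ == '__main__':
    for verdict, key, data in triage(SAMPLE_LOG):
        print(f'{verdict:9} {key} -> {data}')
```

A `substring` verdict means the search term only matched as the start of a longer word, as with the receipt filename here, so the entry is unrelated to the rogue program's name.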

Re: Antivirus Soft Removal

Hmmm.

If AVG won't install, I recommend Avira instead.


Re: Antivirus Soft Removal

Belahzur,

Thanks for your help. I did download Avira and it is working. I guess it is safe to assume that I have eliminated, with your help, Antivirus Soft?

Have a great week and enjoy the spring.

Thanks again,

Lowelles309

Re: Antivirus Soft Removal

Yep, this should be fine now.

To remove all of the tools we used and the files and folders they created, do the following:

  • Double click OTL.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

How is the machine running now?


Re: Antivirus Soft Removal

Hello Belahzur,

Sorry that I did not get back to you sooner, but I was out of town. After I followed your instructions my computer is running normally again. I really appreciate your help and guidance with helping me resolve this problem.

Sincerely,

Lowell309

PS: I hope you have a great summer.
