
1 System Tool 2011 Removal on Wed Dec 15, 2010 7:38 pm

llpeterson


Member
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18999

12/15/2010 5:27:45 PM
mbam-log-2010-12-15 (17-27-45).txt

Scan type: Quick scan
Objects scanned: 132247
Time elapsed: 6 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

2 System Tool 2011 Removal on Wed Dec 15, 2010 7:39 pm

llpeterson


Member
MySystem-Search


MSS v1.7


Basic System Information

Username: Lana - Date: 12/15/2010 - Time: 17:35:32

Microsoft Windows [Version 6.0.6001]
Processor type: x86 Family 15 Model 67 Stepping 3, AuthenticAMD
Total processors: 2
Computer Name: LANA-PC
Logon Server: \\LANA-PC


CD Emulation Drivers running?

Roxio found!


Peer-to-Peer applications?



Security Tools Check

Malwarebytes' Anti-Malware
ERUNT


File associations

.exe=exefile
.scr=scrfile
.pif=piffile
.com=comfile
.bat=batfile
.cmd=cmdfile
.log=txtfile
.txt=txtfile
.reg=regfile
.sys=sysfile
.dll=dllfile
.ini=inifile
.inf=inffile


Running processes

PROCESS PID PRIO PATH
Dwm.exe 3200 Normal C:\Windows\system32\Dwm.exe
taskeng.exe 3240 Normal C:\Windows\system32\taskeng.exe
Explorer.EXE 3296 Normal C:\Windows\Explorer.EXE
winssnotify.exe 3904 Normal C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
PIFSvc.exe 3924 Normal C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
GrooveMonitor.exe 3960 Normal C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
RtHDVCpl.exe 4040 Normal C:\WINDOWS\RtHDVCpl.exe
mswinext.exe 2096 Normal C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
ehtray.exe 3264 Normal C:\WINDOWS\ehome\ehtray.exe
wmpnscfg.exe 3312 Normal C:\Program Files\Windows Media Player\wmpnscfg.exe
AudibleDownloadHelper.exe 2548 Normal C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
SetPoint.exe 3460 Normal C:\Program Files\Logitech\SetPoint\SetPoint.exe
SSScheduler.exe 3472 Normal C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
ehmsas.exe 3700 Normal C:\Windows\ehome\ehmsas.exe
KHALMNPR.EXE 3572 Normal C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
iexplore.exe 5128 Normal C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe 5180 Normal C:\Program Files\Internet Explorer\iexplore.exe
SCServer.exe 5264 Normal C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
GoogleToolbarUser_32.exe 5332 Normal C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
FlashUtil10l_ActiveX.exe 5532 Normal C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
iexplore.exe 5872 Normal C:\Program Files\Internet Explorer\iexplore.exe
wuauclt.exe 3248 Normal C:\Windows\system32\wuauclt.exe
msfeedssync.exe 2756 Normal C:\Windows\system32\msfeedssync.exe
iexplore.exe 4408 Normal C:\Program Files\Internet Explorer\iexplore.exe
DllHost.exe 4112 Normal C:\Windows\system32\DllHost.exe
mss.exe 1728 Normal C:\Users\Lana\Desktop\mss.exe
cmd.exe 5584 Normal C:\Windows\system32\cmd.exe
pv.exe 4720 Normal C:\Users\Lana\Desktop\pv.exe


User Profile check

Jeff
Lana
Public


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
ProfilesDirectory REG_EXPAND_SZ %SystemDrive%\Users
Default REG_EXPAND_SZ %SystemDrive%\Users\Default
Public REG_EXPAND_SZ %SystemDrive%\Users\Public
ProgramData REG_EXPAND_SZ %SystemDrive%\ProgramData

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
Flags REG_DWORD 0xc
State REG_DWORD 0x0
RefCount REG_DWORD 0x1
Sid REG_BINARY 010100000000000512000000
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\LocalService
Flags REG_DWORD 0x0
State REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\NetworkService
Flags REG_DWORD 0x0
State REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1441919730-403836367-3978067661-1000
ProfileImagePath REG_EXPAND_SZ C:\Users\Lana
Flags REG_DWORD 0x0
State REG_DWORD 0x0
Sid REG_BINARY 010500000000000515000000F2F2F155CF0D1218CD7E1CEDE8030000
ProfileLoadTimeLow REG_DWORD 0x0
ProfileLoadTimeHigh REG_DWORD 0x0
RefCount REG_DWORD 0x3
RunLogonScriptSync REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1441919730-403836367-3978067661-1001.bak
ProfileImagePath REG_EXPAND_SZ C:\Users\Jeff
Flags REG_DWORD 0x0
State REG_DWORD 0x8000
Sid REG_BINARY 010500000000000515000000F2F2F155CF0D1218CD7E1CEDE9030000
ProfileLoadTimeLow REG_DWORD 0x0
ProfileLoadTimeHigh REG_DWORD 0x0
RefCount REG_DWORD 0x0
RunLogonScriptSync REG_DWORD 0x0



Current Scheduled Tasks

PATH: C:\Windows\Tasks

Google Software Updater.job
GoogleUpdateTaskMachineCore.job
GoogleUpdateTaskMachineUA.job
HPCeeScheduleForLana.job
SCHEDLGU.TXT
SA.DAT
User_Feed_Synchronization-{EB14D603-CE29-4292-9615-CFC7CED1B9FF}.job
User_Feed_Synchronization-{FB7C5F23-C2B4-4E1C-A42B-48C33211E3B8}.job


Windows Drivers and NT-Services


3 System Tool 2011 Removal on Wed Dec 15, 2010 7:42 pm

llpeterson


Member

Restrictions - Internet Explorer



Restrictions - REGEDIT



Restrictions - Explorer



DNS Settings


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{04822632-E047-45DA-AF14-AA1E553F686F}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0f694452-6a70-11db-8eb3-806e6f6e6963}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1FEB86C1-E92A-481E-980B-302B800E5E41}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EE556BCE-7BB0-41B7-898C-6276F6BE9AE2}

Windows IP Configuration

Host Name . . . . . . . . . . . . : Lana-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : USB Wireless 802.11 b/g Adaptor
Physical Address. . . . . . . . . : 00-C0-A8-EA-00-2D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-1B-FC-52-04-94
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a49c:ca04:c073:cc00%8(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, December 15, 2010 5:16:12 PM
Lease Expires . . . . . . . . . . : Thursday, December 16, 2010 5:16:12 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{EE556BCE-7BB0-41B7-898C-6276F6BE9AE2}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:2c0d:2b96:3f57:fefc(Preferred)
Link-local IPv6 Address . . . . . : fe80::2c0d:2b96:3f57:fefc%10(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{04822632-E047-45DA-AF14-AA1E553F686F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes


AppInit DLLs


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs REG_SZ



Shell Service Object Delay Load


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
WebCheck REG_SZ {E6FB5E20-DE35-11CF-9C87-00AA005127ED}




Shell Execute Hooks


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} REG_SZ Groove GFS Stub Execution Hook



Image File Execution Options


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEInstal.exe


Security Providers



Local Security Authority


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
auditbaseobjects REG_DWORD 0x0
auditbasedirectories REG_DWORD 0x0
crashonauditfail REG_DWORD 0x0
fullprivilegeauditing REG_BINARY 00
Bounds REG_BINARY 0030000000200000
LimitBlankPasswordUse REG_DWORD 0x1
LmCompatibilityLevel REG_DWORD 0x3
NoLmHash REG_DWORD 0x1
Notification Packages REG_MULTI_SZ scecli
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0tspkg
Authentication Packages REG_MULTI_SZ msv1_0
LsaPid REG_DWORD 0x2d0
SecureBoot REG_DWORD 0x1
ProductType REG_DWORD 0x1
disabledomaincreds REG_DWORD 0x0
everyoneincludesanonymous REG_DWORD 0x0
forceguest REG_DWORD 0x0
restrictanonymous REG_DWORD 0x0
restrictanonymoussam REG_DWORD 0x1

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\MSV1_0
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache


AppCert DLLs



App Paths


HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\AcroRd32.exe
(Default) REG_SZ C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
Path REG_SZ C:\Program Files\Adobe\Reader 8.0\Reader\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\cmmgr32.exe
CmstpExtensionDll REG_SZ C:\Windows\system32\cmcfg32.dll
CmNative REG_DWORD 0x2

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\D:

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\D:\Scanner Driver Update

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\D:\Scanner Driver Update\Files

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\D:\Scanner Driver Update\Files\E_DUPA10.EXE
Path REG_SZ C:\Program Files\EPSON\Scanner Driver Update\CX5000
(Default) REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\DJCUHost.exe
(Default) REG_SZ C:\Program Files\Common Files\LogiShrd\Unifying\DJCUHost.exe
Path REG_SZ C:\Program Files\Common Files\LogiShrd\Unifying

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\dvdmaker.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Movie Maker\dvdmaker.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Escfg.exe
(Default) REG_SZ C:\Windows\twain_32\escndv\Escfg.exe
Path REG_SZ C:\Windows\twain_32\escndv

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Escndv.exe
(Default) REG_SZ C:\Windows\twain_32\escndv\Escndv.exe
Path REG_SZ C:\Windows\twain_32\escndv

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\excel.exe
(Default) REG_SZ C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
SaveURL REG_SZ 1
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\GROOVE.EXE
(Default) REG_SZ C:\PROGRA~1\MICROS~3\Office12\GROOVE.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\HpqPSApl.exe
Path REG_SZ c:\Program Files\HP\Digital Imaging\bin\;c:\Program Files\Common Files\HP\Digital Imaging\bin
(Default) REG_SZ c:\Program Files\HP\Digital Imaging\bin\HpqPSApl.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hpqpsapp.exe
Path REG_SZ c:\Program Files\Common Files\HP\Digital Imaging\bin
(Default) REG_SZ c:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\hpqpse.exe
(Default) REG_SZ c:\Program Files\HP\Digital Imaging\Bin\hpqpse.exe
Path REG_SZ c:\Program Files\HP\Digital Imaging\Bin\;c:\Program Files\Common Files\HP\Digital Imaging\Bin

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\IEXPLORE.EXE
(Default) REG_SZ C:\Program Files\Internet Explorer\IEXPLORE.EXE
Path REG_SZ C:\Program Files\Internet Explorer;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\infopath.exe
(Default) REG_SZ C:\PROGRA~1\MICROS~3\Office12\INFOPATH.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\inkball.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Microsoft Games\inkball\inkball.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\install.exe
BlockOnTSNonInstallMode REG_DWORD 0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\iTunes.exe
(Default) REG_SZ C:\Program Files\iTunes\iTunes.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\javaws.exe
(Default) REG_SZ C:\Program Files\Java\jre6\bin\javaws.exe
Path REG_SZ C:\Program Files\Java\jre6\bin

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Journal.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Windows Journal\Journal.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\LBTWiz.exe
(Default) REG_SZ C:\Program Files\Logitech\SetPoint\LBTWiz.exe
Path REG_SZ C:\Program Files\Common Files\LogiShrd\Bluetooth

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mbam.exe
(Default) REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
Path REG_SZ C:\Program Files\Malwarebytes' Anti-Malware

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MediaCapture9.exe
(Default) REG_SZ c:\Program Files\Roxio\Media Import 9\MediaCapture9.exe
Path REG_SZ c:\Program Files\Roxio\Media Import 9\;c:\Program Files\Common Files\Roxio Shared\DLLShared\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\moviemk.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Movie Maker\moviemk.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mplayer2.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Windows Media Player\wmplayer.exe
Path REG_EXPAND_SZ %ProgramFiles%\Windows Media Player

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSACCESS.EXE
(Default) REG_SZ C:\PROGRA~1\MICROS~3\Office12\MSACCESS.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msimn.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Windows Mail\WinMail.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MsoHtmEd.exe
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msoxmled.exe
(Default) REG_SZ C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLED.EXE
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MSPUB.EXE
(Default) REG_SZ C:\PROGRA~1\MICROS~3\Office12\MSPUB.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
useURL REG_DWORD 0x1
SaveURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\msworks.exe
(Default) REG_SZ c:\Program Files\Microsoft Works\msworks.exe
Path REG_SZ c:\Program Files\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MyDVD9.exe
(Default) REG_SZ c:\Program Files\Roxio\VideoUI 9\MyDVD9.exe
Path REG_SZ c:\Program Files\Roxio\VideoUI 9\;c:\Program Files\Common Files\Roxio Shared\DLLShared\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ois.exe
(Default) REG_SZ C:\PROGRA~1\MICROS~3\Office12\OIS.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
SaveURL REG_SZ 0
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\OneNote.exe
(Default) REG_SZ C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
SaveURL REG_SZ 1
useURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\OUTLOOK.EXE
(Default) REG_SZ C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\pbrush.exe
(Default) REG_EXPAND_SZ %SystemRoot%\System32\mspaint.exe
Path REG_EXPAND_SZ %SystemRoot%\System32

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\pcdr5cuiw32.exe
(Default) REG_SZ C:\Program Files\PC-Doctor 5 for Windows\pcdr5cuiw32.exe
Path REG_SZ C:\Program Files\PC-Doctor 5 for Windows\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PhotoImpression.exe
Path REG_SZ C:\Program Files\ArcSoft\PhotoImpression 5
(Default) REG_SZ C:\Program Files\ArcSoft\PhotoImpression 5\PhotoImpression.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PictureViewer.exe
Path REG_SZ C:\Program Files\QuickTime\
(Default) REG_SZ C:\Program Files\QuickTime\PictureViewer.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\powerpnt.exe
(Default) REG_SZ C:\PROGRA~1\MICROS~3\Office12\POWERPNT.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
useURL REG_SZ 1
SaveURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\QuickTimePlayer.exe
(Default) REG_SZ C:\Program Files\QuickTime\QuickTimePlayer.exe
Path REG_SZ C:\Program Files\QuickTime\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\RealPlay.exe
(Default) REG_SZ C:\Program Files\Real\RealPlayer\realplay.exe
Path REG_SZ C:\Program Files\Real\RealPlayer

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Rhapsody.exe
(Default) REG_SZ
Version REG_SZ 4.0.0.911

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\rnxproc.exe
(Default) REG_SZ C:\Program Files\Common Files\Real\Update_OB\rnxproc.exe
Path REG_SZ C:\Program Files\Common Files\Real\Update_OB\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\RomLauncher.exe
(Default) REG_SZ c:\Program Files\Common Files\Roxio Shared\Dragon\RomLauncher.exe
Path REG_SZ c:\Program Files\Common Files\Roxio Shared\Dragon\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Roxio_Central33.exe
Path REG_SZ c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\
(Default) REG_SZ c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\RoxMediaDB9.exe
(Default) REG_SZ c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
Path REG_SZ c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\RoxWizardLauncher9.exe
(Default) REG_SZ c:\Program Files\Common Files\Roxio Shared\9.0\SharedCom\RoxWizardLauncher9.exe
Path REG_SZ c:\Program Files\Common Files\Roxio Shared\9.0\SharedCom\;c:\Program Files\Common Files\Roxio Shared\DLLShared\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Safari.exe
(Default) REG_SZ C:\Program Files\Safari\Safari.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\SetPoint.exe
(Default) REG_SZ C:\Program Files\Logitech\SetPoint\SetPoint.exe
Path REG_SZ C:\Program Files\Logitech\SetPoint

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\setup.exe
BlockOnTSNonInstallMode REG_DWORD 0x1
Path REG_SZ C:\Program Files\Actiontec\GTDrivers
(Default) REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\sidebar.exe
(Default) REG_EXPAND_SZ "%ProgramFiles%\Windows Sidebar\sidebar.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\SnippingTool.exe
(Default) REG_EXPAND_SZ C:\Windows\System32\SnippingTool.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\stax.exe
(Default) REG_SZ c:\Program Files\Roxio\Express Labeler 3\stax.exe
Path REG_SZ c:\Program Files\Roxio\Express Labeler 3\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\stikynot.exe
(Default) REG_EXPAND_SZ C:\Windows\System32\stikynot.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\table30.exe
UseShortName REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\TabTip.exe
(Default) REG_EXPAND_SZ %CommonProgramFiles%\microsoft shared\ink\TabTip.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\VCGProxyFileManager9.exe
(Default) REG_SZ c:\Program Files\Roxio\VideoCore 9\VCGProxyFileManager9.exe
Path REG_SZ c:\Program Files\Roxio\VideoCore 9\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\VCU3DcheckApp.exe
(Default) REG_SZ
Path REG_SZ c:\Program Files\Roxio\VideoCore 9\;c:\Program Files\Common Files\Roxio Shared\DLLShared\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\VideoWave9.exe
(Default) REG_SZ c:\Program Files\Roxio\VideoUI 9\VideoWave9.exe
Path REG_SZ c:\Program Files\Roxio\VideoUI 9\;c:\Program Files\Common Files\Roxio Shared\DLLShared\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wab.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Windows Mail\wab.exe
Path REG_EXPAND_SZ %ProgramFiles%\Windows Mail

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wabmig.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Windows Mail\wabmig.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WinCal.exe
(Default) REG_EXPAND_SZ "%ProgramFiles%\Windows Calendar\wincal.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WinMail.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Windows Mail\WinMail.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Winword.exe
(Default) REG_SZ C:\PROGRA~1\MICROS~3\Office12\WINWORD.EXE
Path REG_SZ C:\Program Files\Microsoft Office\Office12\
useURL REG_SZ 1
SaveURL REG_SZ 1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WKPLMSTP.EXE
(Default) REG_SZ c:\Program Files\Microsoft Works\wkplmstp.exe
Path REG_SZ c:\Program Files\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WKSAB.EXE
(Default) REG_SZ c:\Program Files\Microsoft Works\WKSAB.exe
Path REG_SZ c:\Program Files\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wkscal.exe
(Default) REG_SZ c:\Program Files\Common Files\Microsoft Shared\Works Shared\wkscal.exe
Path REG_SZ c:\Program Files\Common Files\Microsoft Shared\Works Shared\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wksdb.exe
(Default) REG_SZ c:\Program Files\Microsoft Works\wksdb.exe
Path REG_SZ c:\Program Files\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WKSSB.EXE
(Default) REG_SZ c:\Program Files\Microsoft Works\WKSSB.exe
Path REG_SZ c:\Program Files\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wksss.exe
(Default) REG_SZ C:\Program Files\Microsoft Works\wksss.exe
Path REG_SZ C:\Program Files\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wkswp.exe
(Default) REG_SZ c:\Program Files\Microsoft Works\wkswp.exe
Path REG_SZ c:\Program Files\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WKWCESTP.EXE
(Default) REG_SZ c:\Program Files\Microsoft Works\wkwcestp.exe
Path REG_SZ c:\Program Files\Microsoft Works\

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wmplayer.exe
(Default) REG_EXPAND_SZ %ProgramFiles%\Windows Media Player\wmplayer.exe
Path REG_EXPAND_SZ %ProgramFiles%\Windows Media Player

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WORDPAD.EXE
(Default) REG_EXPAND_SZ "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WRITE.EXE
(Default) REG_EXPAND_SZ "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\XPSViewer.exe
(Default) REG_SZ "C:\Windows\System32\XPSViewer\XPSViewer.exe"



Mozilla


HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions
{20a82645-c095-46ed-80e3-08825760534b} REG_SZ c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
m3ffxtbr@mywebsearch.com REG_SZ C:\Program Files\MyWebSearch\bar\1.bin
msntoolbar@msn.com REG_SZ C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox
{27182e60-b5f3-411c-b545-b44205977502} REG_SZ C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\



Shared Task Scheduler


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
{8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Component Categories cache daemon



SafeBoot



SafeBootMinimal


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt


SafeBootNetwork


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\OneCareMP
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc


File Rename Operations - Session




Known DLLs - Session


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls
clbcatq REG_SZ clbcatq.dll
ole32 REG_SZ ole32.dll
advapi32 REG_SZ advapi32.dll
COMDLG32 REG_SZ COMDLG32.dll
DllDirectory REG_EXPAND_SZ %SystemRoot%\system32
gdi32 REG_SZ gdi32.dll
IERTUTIL REG_SZ IERTUTIL.dll
IMAGEHLP REG_SZ IMAGEHLP.dll
IMM32 REG_SZ IMM32.dll
kernel32 REG_SZ kernel32.dll
LPK REG_SZ LPK.dll
MSCTF REG_SZ MSCTF.dll
MSVCRT REG_SZ MSVCRT.dll
NORMALIZ REG_SZ NORMALIZ.dll
NSI REG_SZ NSI.dll
OLEAUT32 REG_SZ OLEAUT32.dll
rpcrt4 REG_SZ rpcrt4.dll
Setupapi REG_SZ Setupapi.dll
SHELL32 REG_SZ SHELL32.dll
SHLWAPI REG_SZ SHLWAPI.dll
URLMON REG_SZ URLMON.dll
user32 REG_SZ user32.dll
USP10 REG_SZ USP10.dll
WININET REG_SZ WININET.dll
WLDAP32 REG_SZ WLDAP32.dll
WS2_32 REG_SZ WS2_32.dll



Downloaded program files (ActiveX)


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0CCA191D-13A6-4E29-B746-314DEE697D83}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{49232000-16E4-426C-A231-62846947304B}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E3E02F12-2ADB-478C-8742-5F0819F9F0F4}

PATH: C:\windows\Downloaded Program Files

desktop.ini
erma.inf
f3initialsetup1.0.1.1.inf
GarminAxControl.ocx
HPBasicDetection3.dll
HPProductDetails.dll
IDrop.ocx
IDropENU.dll
LogInfo.dll
OSD96E9.OSD
PhotoUploader5.inf
PhotoUploader5.ocx
qsp2ie06041001.dll
qsp2ie06041001.inf
SysInfo.dll
sysinfo.inf


Mountpoints


HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M


Winlogon


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
ReportBootOk REG_SZ 1
Shell REG_SZ explorer.exe
Userinit REG_SZ C:\Windows\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
AutoRestartShell REG_DWORD 0x1
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ShutdownWithoutLogon REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0x0
passwordexpirywarning REG_DWORD 0xe
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
WinStationsDisabled REG_SZ 0
DisableCAD REG_DWORD 0x1
scremoveoption REG_SZ 0
ShutdownFlags REG_DWORD 0x27

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoLogonChecked


Windows Update


HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\windowsupdate\auto update\results\install
LastSuccessTime REG_SZ 2010-12-15 18:16:30
LastError REG_DWORD 0x0



Security Software Information

*Note*: Some security software does not store itself in the WMI.

4 Re: System Tool 2011 Removal on Wed Dec 15, 2010 8:16 pm

Belahzur


AMA Member
Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

5 Re: System Tool 2011 Removal on Wed Dec 15, 2010 8:46 pm

grandin


New Member
OTL logfile created on: 12/15/2010 5:39:04 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Nina\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.20 Gb Total Space | 146.12 Gb Free Space | 66.96% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 6.87 Gb Free Space | 46.89% Space Free | Partition Type: NTFS

Computer Name: NINA-PC | User Name: Nina | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/15 17:38:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Nina\Downloads\OTL.exe
PRC - [2010/12/15 17:32:14 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe


========== Modules (SafeList) ==========

MOD - [2010/12/15 17:38:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Nina\Downloads\OTL.exe
MOD - [2010/08/31 07:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/03/19 08:26:10 | 000,268,288 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/03/19 08:25:42 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/12/21 10:35:16 | 000,032,768 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008/12/18 11:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/01/20 18:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/24 03:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/03/29 20:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/03/25 20:23:58 | 000,894,976 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010/08/18 13:51:18 | 000,254,624 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2010/06/29 10:35:34 | 000,452,872 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2010/04/19 19:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/09/30 16:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/09 00:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
DRV:64bit: - [2009/05/06 16:03:00 | 000,313,696 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\OA008Vid.sys -- (OA008Vid)
DRV:64bit: - [2009/04/10 21:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/03/19 08:26:24 | 000,477,696 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)

6 Re: System Tool 2011 Removal on Wed Dec 15, 2010 8:48 pm

grandin


New Member
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

7 Re: System Tool 2011 Removal on Thu Dec 16, 2010 11:48 am

Sneakyone


Secondary Administrator
Hi,

Your OTL log is cut off. Please copy and paste the entire log. You may need to split it into multiple posts.




8 Re: System Tool 2011 Removal on Tue Dec 21, 2010 3:38 pm

llpeterson


Member
OTL logfile created on: 12/21/2010 1:30:28 PM - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Lana\Desktop
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 456.90 Gb Total Space | 316.79 Gb Free Space | 69.33% Space Free | Partition Type: NTFS
Drive D: | 8.86 Gb Total Space | 1.01 Gb Free Space | 11.38% Space Free | Partition Type: NTFS
Drive E: | 4.38 Gb Total Space | 4.34 Gb Free Space | 99.13% Space Free | Partition Type: UDF

Computer Name: LANA-PC | User Name: Lana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/21 13:29:41 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Lana\Desktop\OTL.exe
PRC - [2010/12/07 17:22:20 | 000,233,936 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe
PRC - [2010/11/01 21:25:18 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedssync.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/04/27 15:39:38 | 000,243,544 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
PRC - [2010/02/05 16:19:46 | 000,065,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
PRC - [2010/02/05 16:19:44 | 001,141,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\winss.exe
PRC - [2010/02/05 16:19:42 | 000,026,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/12/17 12:54:40 | 001,795,488 | ---- | M] (Audible, Inc.) -- C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
PRC - [2009/08/19 10:09:40 | 000,451,904 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2009/07/20 11:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 11:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/07/09 16:05:22 | 000,018,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
PRC - [2007/11/27 22:45:02 | 000,869,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
PRC - [2007/03/12 18:30:14 | 000,517,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/03/01 08:38:48 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe


========== Modules (SafeList) ==========

MOD - [2010/12/21 13:29:41 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Lana\Desktop\OTL.exe
MOD - [2010/08/31 08:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/05 16:19:44 | 001,141,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Windows OneCare Live\winss.exe -- (winss)
SRV - [2010/02/05 16:19:42 | 000,026,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe -- (OcHealthMon)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/08/19 10:09:40 | 000,451,904 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2009/07/20 11:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/07/09 16:05:22 | 000,018,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe -- (OneCareMP)
SRV - [2008/03/07 20:14:34 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/27 22:45:02 | 000,869,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe -- (msfwsvc)
SRV - [2007/03/12 18:30:14 | 000,517,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ngwfp.sys -- (NgWfp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ngvpn.sys -- (NgVpn)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nglog.sys -- (NgLog)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ngfilter.sys -- (NgFilter)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/02/22 00:44:08 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/06/17 09:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 09:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/05/08 04:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 04:04:16 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/05/08 04:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/11/27 22:45:00 | 000,091,200 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\msfwdrv.sys -- (MSFWDrv)
DRV - [2007/11/27 22:44:54 | 000,037,440 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\msfwhlpr.sys -- (MSFWHLPR)
DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/29 03:13:58 | 003,154,944 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\atikmdag.sys -- (R300)
DRV - [2007/09/29 03:13:58 | 003,154,944 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/05/04 01:29:10 | 001,065,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/03/19 06:58:50 | 000,101,672 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/03/01 09:21:10 | 001,744,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/02/10 17:18:00 | 007,409,024 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/01/15 00:43:28 | 000,354,432 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\hcw18bda.sys -- (hcw18bda)
DRV - [2007/01/04 09:41:50 | 000,255,488 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\netr73.sys -- (netr73)
DRV - [2006/11/02 02:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 02:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 02:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 02:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 02:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 02:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 02:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 02:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 02:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 02:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 02:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 02:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 02:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 02:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 02:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 02:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 00:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/06/14 08:35:22 | 000,082,768 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\slabser.sys -- (slabser)
DRV - [2006/06/14 08:35:22 | 000,051,040 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\slabbus.sys -- (slabbus) Edge Products USB Device driver (WDM)
DRV - [2005/12/12 10:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PS2.sys -- (Ps2)
DRV - [2005/06/24 17:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 10:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 10:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
IE - HKLM\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files\NCH\tbNCH.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ksl.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files\NCH\tbNCH.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin File not found
FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2010/11/03 14:26:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/11/05 12:07:00 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (NCH Toolbar) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files\NCH\tbNCH.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (NCH Toolbar) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files\NCH\tbNCH.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (NCH Toolbar) - {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - C:\Program Files\NCH\tbNCH.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OneCareUI] C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON Stylus CX5000 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBVA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla\4.0 ( File not found
O4 - Startup: C:\Users\Lana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Lana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clydeinc.com ([webmail] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} http://qmedia.xlontech.net/100170/sdk/latest/qsp2ie06041001.cab (Quantum Streaming IE VersionManager Class)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img4.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img4.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/30 09:03:07 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3738ac9e-dc04-11dc-8278-001bfc520494}\Shell - "" = AutoRun
O33 - MountPoints2\{3738ac9e-dc04-11dc-8278-001bfc520494}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{4ec21f4f-da22-11df-b3f0-001bfc520494}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O33 - MountPoints2\{c0e8e008-708a-11dc-9eea-001bfc520494}\Shell - "" = AutoRun
O33 - MountPoints2\{c0e8e008-708a-11dc-9eea-001bfc520494}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ed836f9e-0b80-11e0-b46d-001bfc520494}\Shell\AutoRun\command - "" = F:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\{ed836f9e-0b80-11e0-b46d-001bfc520494}\Shell\Setup FlipShare\command - "" = F:\Setup_FlipShare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/21 13:29:29 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Lana\Desktop\OTL.exe
[2010/12/19 17:22:47 | 000,000,000 | ---D | C] -- C:\Program Files\3ivx
[2010/12/19 17:22:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Flip Video
[2010/12/19 17:22:39 | 000,000,000 | ---D | C] -- C:\Program Files\Flip Video
[2010/12/18 15:01:28 | 000,000,000 | ---D | C] -- C:\Users\Lana\Desktop\SJ Stuff
[2010/12/16 10:00:37 | 000,000,000 | ---D | C] -- C:\Algebrator
[2010/12/16 10:00:30 | 000,000,000 | ---D | C] -- C:\Program Files\Algebrator
[2010/12/16 09:59:48 | 007,590,055 | ---- | C] (SoftMath Inc ) -- C:\Users\Lana\Desktop\alg502win.exe
[2010/12/15 17:12:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/12/15 17:11:58 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/12/15 17:11:26 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Lana\Desktop\erunt-setup.exe
[2010/12/15 16:31:31 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Lana\Desktop\TFC.exe
[2010/12/15 14:18:05 | 000,000,000 | ---D | C] -- C:\ProgramData\lOhEn06308
[2010/12/14 17:00:32 | 000,000,000 | ---D | C] -- C:\Users\Lana\Documents\Lana pics
[2010/12/14 15:54:55 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/12/14 15:54:47 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010/12/14 15:54:47 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010/12/14 15:54:45 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010/12/14 15:54:38 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010/12/14 15:54:32 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/12/14 15:54:32 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/12/14 15:54:31 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/12/14 15:54:23 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/12/14 15:54:21 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/12/14 15:54:20 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/12/14 15:54:20 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/12/14 15:54:20 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/12/14 15:54:20 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/12/14 15:54:20 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/12/14 15:54:19 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/12/14 15:54:19 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/12/14 15:54:19 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/12/14 15:54:19 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/12/14 15:54:19 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/12/14 15:54:19 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/12/14 15:54:19 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/12/14 15:54:19 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/12/14 15:54:19 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/12/14 15:54:19 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/12/14 15:54:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/12/07 17:22:01 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010/12/07 17:22:01 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/12/07 17:21:58 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010/11/22 17:14:06 | 000,000,000 | ---D | C] -- C:\Users\Lana\Desktop\Sled
[1 C:\Users\Lana\Documents\*.tmp files -> C:\Users\Lana\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/21 13:30:55 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EB14D603-CE29-4292-9615-CFC7CED1B9FF}.job
[2010/12/21 13:30:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{FB7C5F23-C2B4-4E1C-A42B-48C33211E3B8}.job
[2010/12/21 13:29:41 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Lana\Desktop\OTL.exe
[2010/12/21 13:27:01 | 000,002,657 | ---- | M] () -- C:\Users\Lana\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2007.lnk
[2010/12/21 12:42:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/21 12:32:05 | 008,811,224 | ---- | M] () -- C:\Users\Lana\Desktop\Death Breath (the Toxic Avenger Remix).mp3
[2010/12/21 12:07:28 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/21 12:07:28 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/21 11:51:20 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/12/21 10:40:33 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/21 10:40:33 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/21 10:07:51 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/21 10:07:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/21 10:07:19 | 3219,709,952 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/20 11:21:23 | 000,002,627 | ---- | M] () -- C:\Users\Lana\Desktop\Microsoft Office Word 2007.lnk
[2010/12/19 17:34:59 | 000,000,961 | ---- | M] () -- C:\Users\Public\Desktop\FlipShare.lnk
[2010/12/19 17:33:48 | 000,024,576 | ---- | M] () -- C:\Users\Lana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/17 08:47:28 | 000,001,153 | ---- | M] () -- C:\Users\Lana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2010/12/17 08:44:54 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLana.job
[2010/12/16 10:00:35 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Algebrator for Students.lnk
[2010/12/16 09:59:51 | 007,590,055 | ---- | M] (SoftMath Inc ) -- C:\Users\Lana\Desktop\alg502win.exe
[2010/12/15 17:35:16 | 000,184,832 | ---- | M] () -- C:\Users\Lana\Desktop\mss.exe
[2010/12/15 17:12:04 | 000,000,915 | ---- | M] () -- C:\Users\Lana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/12/15 17:12:00 | 000,000,735 | ---- | M] () -- C:\Users\Lana\Desktop\NTREGOPT.lnk
[2010/12/15 17:11:59 | 000,000,716 | ---- | M] () -- C:\Users\Lana\Desktop\ERUNT.lnk
[2010/12/15 17:11:35 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Lana\Desktop\erunt-setup.exe
[2010/12/15 17:10:08 | 000,513,320 | ---- | M] () -- C:\Users\Lana\Desktop\erunt.zip
[2010/12/15 16:31:36 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Lana\Desktop\TFC.exe
[2010/12/15 14:57:49 | 000,506,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/12/11 18:04:36 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/12/11 18:04:36 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/12/09 11:27:21 | 000,011,188 | ---- | M] () -- C:\Users\Lana\Documents\Bill of sale.docx
[2010/12/07 15:29:33 | 000,350,730 | ---- | M] () -- C:\Users\Lana\Documents\L Peterson.pdf
[2010/12/02 10:04:39 | 000,008,274 | ---- | M] () -- C:\Users\Lana\Desktop\blaze.jpg
[2010/12/01 12:20:27 | 000,007,761 | ---- | M] () -- C:\Users\Lana\Desktop\77102_10150321461500246_669590245_16010100_2579186_n.jpg
[2010/12/01 12:11:21 | 000,007,970 | ---- | M] () -- C:\Users\Lana\Desktop\The Blaze.jpg
[2010/11/30 16:43:17 | 000,481,916 | ---- | M] () -- C:\Users\Lana\Documents\440 Title.pdf
[2010/11/30 12:01:50 | 000,076,613 | ---- | M] () -- C:\Users\Lana\Documents\DPR offer.pdf
[2010/11/30 11:58:27 | 000,076,630 | ---- | M] () -- C:\Users\Lana\Documents\Source Solutions017.pdf
[2010/11/30 11:27:42 | 009,782,117 | ---- | M] () -- C:\Users\Lana\Desktop\Hail_ya.wmv
[1 C:\Users\Lana\Documents\*.tmp files -> C:\Users\Lana\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/21 12:32:05 | 008,811,224 | ---- | C] () -- C:\Users\Lana\Desktop\Death Breath (the Toxic Avenger Remix).mp3
[2010/12/19 17:22:44 | 000,000,961 | ---- | C] () -- C:\Users\Public\Desktop\FlipShare.lnk
[2010/12/17 08:47:28 | 000,001,153 | ---- | C] () -- C:\Users\Lana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2010/12/16 10:00:35 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Algebrator for Students.lnk
[2010/12/15 17:35:14 | 000,184,832 | ---- | C] () -- C:\Users\Lana\Desktop\mss.exe
[2010/12/15 17:12:04 | 000,000,915 | ---- | C] () -- C:\Users\Lana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/12/15 17:12:00 | 000,000,735 | ---- | C] () -- C:\Users\Lana\Desktop\NTREGOPT.lnk
[2010/12/15 17:11:59 | 000,000,716 | ---- | C] () -- C:\Users\Lana\Desktop\ERUNT.lnk
[2010/12/15 17:10:03 | 000,513,320 | ---- | C] () -- C:\Users\Lana\Desktop\erunt.zip
[2010/12/11 18:04:36 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/12/07 17:22:00 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/12/07 15:29:30 | 000,350,730 | ---- | C] () -- C:\Users\Lana\Documents\L Peterson.pdf
[2010/12/04 17:49:01 | 000,011,188 | ---- | C] () -- C:\Users\Lana\Documents\Bill of sale.docx
[2010/12/02 10:04:52 | 000,008,274 | ---- | C] () -- C:\Users\Lana\Desktop\blaze.jpg
[2010/12/01 12:20:37 | 000,007,761 | ---- | C] () -- C:\Users\Lana\Desktop\77102_10150321461500246_669590245_16010100_2579186_n.jpg
[2010/12/01 12:11:56 | 000,007,970 | ---- | C] () -- C:\Users\Lana\Desktop\The Blaze.jpg
[2010/11/30 16:43:14 | 000,481,916 | ---- | C] () -- C:\Users\Lana\Documents\440 Title.pdf
[2010/11/30 12:01:50 | 000,076,613 | ---- | C] () -- C:\Users\Lana\Documents\DPR offer.pdf
[2010/11/30 11:58:27 | 000,076,630 | ---- | C] () -- C:\Users\Lana\Documents\Source Solutions017.pdf
[2010/11/30 11:27:42 | 009,782,117 | ---- | C] () -- C:\Users\Lana\Desktop\Hail_ya.wmv
[2010/11/19 17:40:12 | 000,000,680 | ---- | C] () -- C:\Users\Lana\AppData\Local\d3d9caps.dat
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/12/19 19:48:00 | 000,000,000 | ---- | C] () -- C:\Users\Lana\AppData\Roaming\wklnhst.dat
[2008/05/31 05:39:15 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2008/02/29 18:46:09 | 000,071,168 | ---- | C] () -- C:\Program Files\keygen.exe
[2008/02/29 18:46:09 | 000,000,474 | ---- | C] () -- C:\Program Files\Install.txt
[2008/02/29 18:46:09 | 000,000,445 | ---- | C] () -- C:\Program Files\Setup.ini
[2008/02/29 18:46:09 | 000,000,300 | ---- | C] () -- C:\Program Files\acadcd.mid
[2008/02/18 23:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
[2007/11/07 15:27:06 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2007/11/06 10:13:45 | 000,024,576 | ---- | C] () -- C:\Users\Lana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/05 18:58:17 | 000,000,044 | ---- | C] () -- C:\Windows\EP_CX5000.ini
[2007/10/01 19:21:07 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/05/30 08:53:03 | 000,000,311 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/05/30 08:30:14 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2007/05/30 08:18:22 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/05/30 08:18:22 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007/03/06 01:47:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/01/12 07:07:48 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2007/01/12 07:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 05:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/05/21 09:31:24 | 000,024,576 | ---- | C] () -- C:\Windows\System32\FloatCvt.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:587EB586

< End of report >

9 Re: System Tool 2011 Removal on Tue Dec 21, 2010 3:41 pm

llpeterson


Member
OTL logfile created on: 12/21/2010 1:30:28 PM - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Lana\Desktop
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 456.90 Gb Total Space | 316.79 Gb Free Space | 69.33% Space Free | Partition Type: NTFS
Drive D: | 8.86 Gb Total Space | 1.01 Gb Free Space | 11.38% Space Free | Partition Type: NTFS
Drive E: | 4.38 Gb Total Space | 4.34 Gb Free Space | 99.13% Space Free | Partition Type: UDF

Computer Name: LANA-PC | User Name: Lana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/21 13:29:41 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Lana\Desktop\OTL.exe
PRC - [2010/12/07 17:22:20 | 000,233,936 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe
PRC - [2010/11/01 21:25:18 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedssync.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/04/27 15:39:38 | 000,243,544 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
PRC - [2010/02/05 16:19:46 | 000,065,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
PRC - [2010/02/05 16:19:44 | 001,141,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\winss.exe
PRC - [2010/02/05 16:19:42 | 000,026,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/12/17 12:54:40 | 001,795,488 | ---- | M] (Audible, Inc.) -- C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
PRC - [2009/08/19 10:09:40 | 000,451,904 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2009/07/20 11:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 11:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/07/09 16:05:22 | 000,018,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
PRC - [2007/11/27 22:45:02 | 000,869,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
PRC - [2007/03/12 18:30:14 | 000,517,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/03/01 08:38:48 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe


========== Modules (SafeList) ==========

MOD - [2010/12/21 13:29:41 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Lana\Desktop\OTL.exe
MOD - [2010/08/31 08:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/05 16:19:44 | 001,141,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Windows OneCare Live\winss.exe -- (winss)
SRV - [2010/02/05 16:19:42 | 000,026,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe -- (OcHealthMon)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/08/19 10:09:40 | 000,451,904 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2009/07/20 11:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/07/09 16:05:22 | 000,018,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe -- (OneCareMP)
SRV - [2008/03/07 20:14:34 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/27 22:45:02 | 000,869,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe -- (msfwsvc)
SRV - [2007/03/12 18:30:14 | 000,517,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ngwfp.sys -- (NgWfp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ngvpn.sys -- (NgVpn)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nglog.sys -- (NgLog)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ngfilter.sys -- (NgFilter)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/02/22 00:44:08 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/06/17 09:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 09:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/05/08 04:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 04:04:16 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/05/08 04:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/11/27 22:45:00 | 000,091,200 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\msfwdrv.sys -- (MSFWDrv)
DRV - [2007/11/27 22:44:54 | 000,037,440 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\msfwhlpr.sys -- (MSFWHLPR)
DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/29 03:13:58 | 003,154,944 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\atikmdag.sys -- (R300)
DRV - [2007/09/29 03:13:58 | 003,154,944 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/05/04 01:29:10 | 001,065,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/03/19 06:58:50 | 000,101,672 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/03/01 09:21:10 | 001,744,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/02/10 17:18:00 | 007,409,024 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/01/15 00:43:28 | 000,354,432 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\hcw18bda.sys -- (hcw18bda)
DRV - [2007/01/04 09:41:50 | 000,255,488 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\netr73.sys -- (netr73)
DRV - [2006/11/02 02:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 02:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 02:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 02:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 02:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 02:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 02:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 02:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 02:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 02:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 02:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 02:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 02:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 02:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 02:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 02:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 00:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/06/14 08:35:22 | 000,082,768 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\slabser.sys -- (slabser)
DRV - [2006/06/14 08:35:22 | 000,051,040 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\slabbus.sys -- (slabbus) Edge Products USB Device driver (WDM)
DRV - [2005/12/12 10:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PS2.sys -- (Ps2)
DRV - [2005/06/24 17:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 10:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 10:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
IE - HKLM\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files\NCH\tbNCH.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ksl.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files\NCH\tbNCH.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin File not found
FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2010/11/03 14:26:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/11/05 12:07:00 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (NCH Toolbar) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files\NCH\tbNCH.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (NCH Toolbar) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files\NCH\tbNCH.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (NCH Toolbar) - {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - C:\Program Files\NCH\tbNCH.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OneCareUI] C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON Stylus CX5000 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBVA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla\4.0 ( File not found
O4 - Startup: C:\Users\Lana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Lana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clydeinc.com ([webmail] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} http://qmedia.xlontech.net/100170/sdk/latest/qsp2ie06041001.cab (Quantum Streaming IE VersionManager Class)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img4.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img4.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/30 09:03:07 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3738ac9e-dc04-11dc-8278-001bfc520494}\Shell - "" = AutoRun
O33 - MountPoints2\{3738ac9e-dc04-11dc-8278-001bfc520494}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{4ec21f4f-da22-11df-b3f0-001bfc520494}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O33 - MountPoints2\{c0e8e008-708a-11dc-9eea-001bfc520494}\Shell - "" = AutoRun
O33 - MountPoints2\{c0e8e008-708a-11dc-9eea-001bfc520494}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ed836f9e-0b80-11e0-b46d-001bfc520494}\Shell\AutoRun\command - "" = F:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\{ed836f9e-0b80-11e0-b46d-001bfc520494}\Shell\Setup FlipShare\command - "" = F:\Setup_FlipShare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/21 13:29:29 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Lana\Desktop\OTL.exe
[2010/12/19 17:22:47 | 000,000,000 | ---D | C] -- C:\Program Files\3ivx
[2010/12/19 17:22:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Flip Video
[2010/12/19 17:22:39 | 000,000,000 | ---D | C] -- C:\Program Files\Flip Video
[2010/12/18 15:01:28 | 000,000,000 | ---D | C] -- C:\Users\Lana\Desktop\SJ Stuff
[2010/12/16 10:00:37 | 000,000,000 | ---D | C] -- C:\Algebrator
[2010/12/16 10:00:30 | 000,000,000 | ---D | C] -- C:\Program Files\Algebrator
[2010/12/16 09:59:48 | 007,590,055 | ---- | C] (SoftMath Inc ) -- C:\Users\Lana\Desktop\alg502win.exe
[2010/12/15 17:12:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/12/15 17:11:58 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/12/15 17:11:26 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Lana\Desktop\erunt-setup.exe
[2010/12/15 16:31:31 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Lana\Desktop\TFC.exe
[2010/12/15 14:18:05 | 000,000,000 | ---D | C] -- C:\ProgramData\lOhEn06308
[2010/12/14 17:00:32 | 000,000,000 | ---D | C] -- C:\Users\Lana\Documents\Lana pics
[2010/12/14 15:54:55 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/12/14 15:54:47 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010/12/14 15:54:47 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010/12/14 15:54:45 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010/12/14 15:54:38 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010/12/14 15:54:32 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/12/14 15:54:32 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/12/14 15:54:31 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/12/14 15:54:23 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/12/14 15:54:21 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/12/14 15:54:20 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/12/14 15:54:20 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/12/14 15:54:20 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/12/14 15:54:20 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/12/14 15:54:20 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/12/14 15:54:19 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/12/14 15:54:19 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/12/14 15:54:19 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/12/14 15:54:19 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/12/14 15:54:19 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/12/14 15:54:19 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/12/14 15:54:19 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/12/14 15:54:19 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/12/14 15:54:19 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/12/14 15:54:19 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/12/14 15:54:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/12/07 17:22:01 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010/12/07 17:22:01 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/12/07 17:21:58 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010/11/22 17:14:06 | 000,000,000 | ---D | C] -- C:\Users\Lana\Desktop\Sled
[1 C:\Users\Lana\Documents\*.tmp files -> C:\Users\Lana\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/21 13:30:55 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EB14D603-CE29-4292-9615-CFC7CED1B9FF}.job
[2010/12/21 13:30:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{FB7C5F23-C2B4-4E1C-A42B-48C33211E3B8}.job
[2010/12/21 13:29:41 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Lana\Desktop\OTL.exe
[2010/12/21 13:27:01 | 000,002,657 | ---- | M] () -- C:\Users\Lana\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2007.lnk
[2010/12/21 12:42:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/21 12:32:05 | 008,811,224 | ---- | M] () -- C:\Users\Lana\Desktop\Death Breath (the Toxic Avenger Remix).mp3
[2010/12/21 12:07:28 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/21 12:07:28 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/21 11:51:20 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/12/21 10:40:33 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/21 10:40:33 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/21 10:07:51 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/21 10:07:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/21 10:07:19 | 3219,709,952 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/20 11:21:23 | 000,002,627 | ---- | M] () -- C:\Users\Lana\Desktop\Microsoft Office Word 2007.lnk
[2010/12/19 17:34:59 | 000,000,961 | ---- | M] () -- C:\Users\Public\Desktop\FlipShare.lnk
[2010/12/19 17:33:48 | 000,024,576 | ---- | M] () -- C:\Users\Lana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/17 08:47:28 | 000,001,153 | ---- | M] () -- C:\Users\Lana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2010/12/17 08:44:54 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLana.job
[2010/12/16 10:00:35 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Algebrator for Students.lnk
[2010/12/16 09:59:51 | 007,590,055 | ---- | M] (SoftMath Inc ) -- C:\Users\Lana\Desktop\alg502win.exe
[2010/12/15 17:35:16 | 000,184,832 | ---- | M] () -- C:\Users\Lana\Desktop\mss.exe
[2010/12/15 17:12:04 | 000,000,915 | ---- | M] () -- C:\Users\Lana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/12/15 17:12:00 | 000,000,735 | ---- | M] () -- C:\Users\Lana\Desktop\NTREGOPT.lnk
[2010/12/15 17:11:59 | 000,000,716 | ---- | M] () -- C:\Users\Lana\Desktop\ERUNT.lnk
[2010/12/15 17:11:35 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Lana\Desktop\erunt-setup.exe
[2010/12/15 17:10:08 | 000,513,320 | ---- | M] () -- C:\Users\Lana\Desktop\erunt.zip
[2010/12/15 16:31:36 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Lana\Desktop\TFC.exe
[2010/12/15 14:57:49 | 000,506,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/12/11 18:04:36 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/12/11 18:04:36 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/12/09 11:27:21 | 000,011,188 | ---- | M] () -- C:\Users\Lana\Documents\Bill of sale.docx
[2010/12/07 15:29:33 | 000,350,730 | ---- | M] () -- C:\Users\Lana\Documents\L Peterson.pdf
[2010/12/02 10:04:39 | 000,008,274 | ---- | M] () -- C:\Users\Lana\Desktop\blaze.jpg
[2010/12/01 12:20:27 | 000,007,761 | ---- | M] () -- C:\Users\Lana\Desktop\77102_10150321461500246_669590245_16010100_2579186_n.jpg
[2010/12/01 12:11:21 | 000,007,970 | ---- | M] () -- C:\Users\Lana\Desktop\The Blaze.jpg
[2010/11/30 16:43:17 | 000,481,916 | ---- | M] () -- C:\Users\Lana\Documents\440 Title.pdf
[2010/11/30 12:01:50 | 000,076,613 | ---- | M] () -- C:\Users\Lana\Documents\DPR offer.pdf
[2010/11/30 11:58:27 | 000,076,630 | ---- | M] () -- C:\Users\Lana\Documents\Source Solutions017.pdf
[2010/11/30 11:27:42 | 009,782,117 | ---- | M] () -- C:\Users\Lana\Desktop\Hail_ya.wmv
[1 C:\Users\Lana\Documents\*.tmp files -> C:\Users\Lana\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/21 12:32:05 | 008,811,224 | ---- | C] () -- C:\Users\Lana\Desktop\Death Breath (the Toxic Avenger Remix).mp3
[2010/12/19 17:22:44 | 000,000,961 | ---- | C] () -- C:\Users\Public\Desktop\FlipShare.lnk
[2010/12/17 08:47:28 | 000,001,153 | ---- | C] () -- C:\Users\Lana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2010/12/16 10:00:35 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Algebrator for Students.lnk
[2010/12/15 17:35:14 | 000,184,832 | ---- | C] () -- C:\Users\Lana\Desktop\mss.exe
[2010/12/15 17:12:04 | 000,000,915 | ---- | C] () -- C:\Users\Lana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/12/15 17:12:00 | 000,000,735 | ---- | C] () -- C:\Users\Lana\Desktop\NTREGOPT.lnk
[2010/12/15 17:11:59 | 000,000,716 | ---- | C] () -- C:\Users\Lana\Desktop\ERUNT.lnk
[2010/12/15 17:10:03 | 000,513,320 | ---- | C] () -- C:\Users\Lana\Desktop\erunt.zip
[2010/12/11 18:04:36 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/12/07 17:22:00 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/12/07 15:29:30 | 000,350,730 | ---- | C] () -- C:\Users\Lana\Documents\L Peterson.pdf
[2010/12/04 17:49:01 | 000,011,188 | ---- | C] () -- C:\Users\Lana\Documents\Bill of sale.docx
[2010/12/02 10:04:52 | 000,008,274 | ---- | C] () -- C:\Users\Lana\Desktop\blaze.jpg
[2010/12/01 12:20:37 | 000,007,761 | ---- | C] () -- C:\Users\Lana\Desktop\77102_10150321461500246_669590245_16010100_2579186_n.jpg
[2010/12/01 12:11:56 | 000,007,970 | ---- | C] () -- C:\Users\Lana\Desktop\The Blaze.jpg
[2010/11/30 16:43:14 | 000,481,916 | ---- | C] () -- C:\Users\Lana\Documents\440 Title.pdf
[2010/11/30 12:01:50 | 000,076,613 | ---- | C] () -- C:\Users\Lana\Documents\DPR offer.pdf
[2010/11/30 11:58:27 | 000,076,630 | ---- | C] () -- C:\Users\Lana\Documents\Source Solutions017.pdf
[2010/11/30 11:27:42 | 009,782,117 | ---- | C] () -- C:\Users\Lana\Desktop\Hail_ya.wmv
[2010/11/19 17:40:12 | 000,000,680 | ---- | C] () -- C:\Users\Lana\AppData\Local\d3d9caps.dat
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/12/19 19:48:00 | 000,000,000 | ---- | C] () -- C:\Users\Lana\AppData\Roaming\wklnhst.dat
[2008/05/31 05:39:15 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2008/02/29 18:46:09 | 000,071,168 | ---- | C] () -- C:\Program Files\keygen.exe
[2008/02/29 18:46:09 | 000,000,474 | ---- | C] () -- C:\Program Files\Install.txt
[2008/02/29 18:46:09 | 000,000,445 | ---- | C] () -- C:\Program Files\Setup.ini
[2008/02/29 18:46:09 | 000,000,300 | ---- | C] () -- C:\Program Files\acadcd.mid
[2008/02/18 23:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
[2007/11/07 15:27:06 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2007/11/06 10:13:45 | 000,024,576 | ---- | C] () -- C:\Users\Lana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/05 18:58:17 | 000,000,044 | ---- | C] () -- C:\Windows\EP_CX5000.ini
[2007/10/01 19:21:07 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/05/30 08:53:03 | 000,000,311 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/05/30 08:30:14 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2007/05/30 08:18:22 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/05/30 08:18:22 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007/03/06 01:47:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/01/12 07:07:48 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2007/01/12 07:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 05:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/05/21 09:31:24 | 000,024,576 | ---- | C] () -- C:\Windows\System32\FloatCvt.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:587EB586

< End of report >

10 Re: System Tool 2011 Removal on Tue Dec 21, 2010 3:42 pm

llpeterson


Member
OTL Extras logfile created on: 12/21/2010 1:30:28 PM - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Lana\Desktop
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 456.90 Gb Total Space | 316.79 Gb Free Space | 69.33% Space Free | Partition Type: NTFS
Drive D: | 8.86 Gb Total Space | 1.01 Gb Free Space | 11.38% Space Free | Partition Type: NTFS
Drive E: | 4.38 Gb Total Space | 4.34 Gb Free Space | 99.13% Space Free | Partition Type: UDF

Computer Name: LANA-PC | User Name: Lana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{93DDA310-C75D-4262-8D15-642A6D6A5123}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{9AA28DEB-F705-4AC7-A345-EEA7822951E1}" = lport=63331 | protocol=6 | dir=in | name=windows live onecare |
"{9EB27DF8-EA40-47DF-8371-0BDCAEAC32F8}" = lport=63331 | protocol=6 | dir=in | name=windows live onecare |
"{BAEF45AB-FEE7-4946-B5C8-1F05A609D2C6}" = lport=63331 | protocol=6 | dir=in | name=windows live onecare |
"{D7494C60-765D-4C0F-A8B6-A08725D053E7}" = lport=6331 | protocol=6 | dir=in | name=windows live onecare |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{55B23573-203F-4669-8098-48793B7D85CE}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{5926C467-2425-4422-B8C9-671A327FCEEA}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{66E6F97D-6389-4954-BEBF-9C575A1E3755}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6D610F66-E801-402F-95E9-2477BD9DFC2B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{7D128B18-2318-4CE4-A48F-498D138341DF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{96E42798-6A73-4DE5-9A6D-FE6D1CC1AE48}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{9B5AE35B-75DD-4052-8A9C-C72C44953BC9}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{A05ADB98-C100-4216-9C5A-2D924286CF2A}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{C2267F22-B233-4136-9689-7C99108158B6}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{D5A1EFCF-208C-4097-8D4B-5110579FED62}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D90FF234-FA13-4302-8CDB-FE2E5079EEC1}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E6DCF647-F55A-429A-A9DE-AF441BAB42D6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{EE852D0F-07D1-42A2-98DE-141EA606A0CB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F050BC35-B8DA-40D6-853D-CD057BEB5691}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F62D2CC7-A913-41D1-843D-31C39864A6E7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F6660178-BBA4-400B-9760-63FE35DC3120}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{146E206D-7D2C-493A-B431-1F1D16E822AF}" = MobileMe Control Panel
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24ADC0E4-8D3E-40C4-9106-F2DE5E9112F1}" = EPSON Stylus CX5000 Scanner Driver Update
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{2990BC81-3B19-4E53-A53E-30DE3F1BFFA8}" = HP Total Care Advisor
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{336537A8-31B3-43C2-8A7D-32E43748C381}" = Fusion
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3851147E-5A91-4469-BA4D-13FFFCC8A920}" = Microsoft Windows OneCare Live v2.5.2900.20 Idcrl Install
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4998FF95-709A-430A-B104-92A009ABB848}" = QuickConnect
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EF6FDB0-3B11-4820-9860-8E08E9965195}" = Snapfish Media Detector
"{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}" = Bing Bar Platform
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{5660022E-F3F2-4126-8CC5-9726C47150EB}" = Microsoft Windows Live OneCare Resources v2.5.2900.30
"{5783F2D7-6001-0409-0002-0060B0CE6BBA}" = AutoCAD 2008 - English
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6513E869-647F-40FD-A55D-CFC92579B9BA}" = PX Engine
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AF49698-949A-4C89-9B31-041D2CCB5FBD}" = muvee autoProducer 6.0
"{6B307310-53C1-8F80-465E-E2A96FA5EA5D}" = FlipShare
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79C6D9EB-1267-49F5-9904-9241466D410F}" = Lightning
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}" = GTOneCare
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{9692FD03-6662-4E62-B08C-30DFF51651E1}" = Actiontec Gateway
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3076A28-345A-4d89-90A3-B68866C0DFB8}" = eFax Messenger 4.3
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D07A8E7E-D324-4945-BA8C-E532AD008FF3}" = Microsoft Windows OneCare Live v2.5.2900.30
"{D167DA32-32AB-45FC-AEC1-7380BE2221A2}" = QuickConnect
"{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}" = ArcSoft PhotoImpression 5
"{D627784F-B3EE-44E8-96B1-9509B991EA34}_is1" = Auslogics Registry Defrag
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E26B83D1-C0BB-41BC-8F44-31D5354DD6AF}" = Microsoft Windows OneCare Live AntiSpyware and AntiVirus
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F3B58D4E-7324-44E4-A6B3-65D2DB8D1FE9}" = Microsoft Protection Service
"{F751C062-87DA-4D33-8A12-6E7F1D4C051C}" = Netflix in Windows Media Center
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Algebrator_is1" = Algebrator 5.0
"AudibleDownloadManager" = Audible Download Manager
"AutoCAD 2008 - English" = AutoCAD 2008 - English
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"conduitEngine" = Conduit Engine
"EDGECOMM&10C4&81AC" = Edge Products USB to Serial Controller
"ENTERPRISER" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"Google Updater" = Google Updater
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NCH Toolbar" = NCH Toolbar
"NVIDIA Drivers" = NVIDIA Drivers
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"RealPlayer 6.0" = RealPlayer
"Silent Package Run-Time Sample" = EPSON CX5000 Series User's Guide
"WavePad" = WavePad Sound Editor
"WinSS" = Windows Live OneCare

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Free Realms Installer" = Free Realms Installer
"SOE-Free Realms" = Free Realms

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

11 Re: System Tool 2011 Removal on Mon Dec 27, 2010 3:04 pm

Sneakyone


Secondary Administrator
Hi,

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start, then copy and paste the following command into the search box and hit Enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

