My HijackThis Log


Post by jenny » Sun Aug 08, 2010 9:07 am

Hey Guys,

I am a novice PC user. My PC is having some issues like shutting down at any time. I decided to get some malware and spyware cleaning programs, and a friend told me to get HijackThis. Can you look at my list and suggest what files I should select for fix?

BTW, I would appreciate it if you have any idea that could help me solve the shutdowns.

I also found these hidden files in my Start Up Programs Files (one seems to be from Dell, but it offers no information):

hiberfil - c:\HIBERFIL.SYS
pagefile - c:\PAGEFILE.SYS
boo - C:\bootmgr
dell - C:\DELL.SDR

Do you have any ideas of what they may be and if I should remove any?


This is the HijackThis Log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:42 a.m., on 08/08/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HMA! Pro VPN\bin\HMA! Pro VPN.exe
C:\TBS2\PGSQL Tool.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\RunOnce: [Ad-Watch Live!] C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Servicio de actualización de Google (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\HMA! Pro VPN\bin\openvpnserv.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\TBS2\pgsql\bin\pg_ctl.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10157 bytes


Thanks a lot!
jenny

Re: My HijackThis Log

Post by FieryDemon » Sun Aug 08, 2010 12:13 pm

Hi and welcome!

Those hidden files are OK. What other symptoms are you experiencing? Just the computer shutting down randomly? Let's just diagnose to see if you got anything malicious on your computer first.

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.
Real-time protection: Avira, Comodo Firewall and D+, Malwarebytes Pro
Anti-keylogging: KeyScrambler
OS: Vista 32-bit

Re: My HijackThis Log

Post by jenny » Sun Aug 08, 2010 1:15 pm

First of all, I am very sorry for my ignorance. What is BSOD?

Re: My HijackThis Log

Post by ALookingInView » Sun Aug 08, 2010 2:30 pm

Microsoft Windows 7 Armor Premium /  Microsoft Security Essentials 2.0 Beta  /  Sandboxie 3.48
Common Sense 2011 Pro  /  ShadowProtect Desktop Edition 4.0.2

¯¯¯¯¯¯¯¯¯¯¯¯
rM Rules

Re: My HijackThis Log

Post by jenny » Sun Aug 08, 2010 2:35 pm

I am running the software following your instructions. BTW, the software came up in Spanish, so I had to figure out each of your steps. My PC is working okay. But it is just shutting down randomly. I must add that I have two Windows Vista PCs and both are shutting down randomly. I guess that in part it is related to the fact that Vista stinks!


OTL logfile created on: 08/08/2010 03:20:33 p.m. - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\xxyxx\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: xxxxxxxx | Country: xxxxxx | Language: ESU | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 33.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.52 Gb Total Space | 156.56 Gb Free Space | 54.83% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.37 Gb Free Space | 53.65% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: xxyxx-PC
Current User Name: xxyxx
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\xxyxx\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\HMA! Pro VPN\bin\HMA! Pro VPN.exe (NetcoSolutions)
PRC - C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Program Files\HMA! Pro VPN\bin\openvpn.exe ()
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Koe\Magic Article Submitter\Magic Article Submitter.exe (Alexandr Krulik)
PRC - C:\Program Files\HMA! Pro VPN\bin\openvpnserv.exe ()
PRC - C:\TBS2\Spider.exe (GungHo Technologies LLC)
PRC - C:\TBS2\PGSQL Tool.exe (GungHo Technologies LLC)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
PRC - C:\TBS2\pgsql\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\TBS2\pgsql\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Windows\System32\consent.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
PRC - C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )


========== Modules (SafeList) ==========

MOD - C:\Users\xxyxx\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (SessionLauncher) -- C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (OpenVPNService) -- C:\Program Files\HMA! Pro VPN\bin\openvpnserv.exe ()
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (GoogleDesktopManager-010708-104812) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (pgsql-8.3) -- C:\TBS2\pgsql\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (RoxLiveShare10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (Sonic Solutions)
SRV - (RoxWatch10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe (Sonic Solutions)
SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (USBSTOR) -- C:\Windows\System32\drivers\usbstor.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\BCM42RLY.sys File not found
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (MpFilter) -- C:\Windows\System32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corp.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - ({2E444BE9-B8EC-4CE6-8C2B-6536FB7F4FB7}) -- C:\Program Files\Dell\MediaDirect\000.fcl (Cyberlink Corp.)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (BRCMDECO) -- C:\Windows\System32\drivers\BRCMHD32.sys (Broadcom Corporation)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=0080605
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://latino.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-PR,en-US;q=0.5
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 32 A4 F8 63 35 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Web Search (powered by Google)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: seodoctor@prelovac.com:1.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: firefox@adhacker.com:0.7
FF - prefs.js..extensions.enabledItems: webrank-toolbar@probcomp.com:3.0
FF - prefs.js..extensions.enabledItems: toolbar@alexa.com:1.54
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.1
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0
FF - prefs.js..extensions.enabledItems: selectivecookiedelete@siju.mathew:3.5
FF - prefs.js..extensions.enabledItems: handyfox@gaixixon:0.1
FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.0.1
FF - prefs.js..extensions.enabledItems: {4BCC5CF2-DD1B-4f34-80BA-E5A2355D3936}:0.9.1
FF - prefs.js..extensions.enabledItems: afterthedeadline@afterthedeadline.com:1.30
FF - prefs.js..extensions.enabledItems: {8f5ce3f8-1735-4680-b15e-108f2f50e8ba}:3.0.0
FF - prefs.js..keyword.URL: "http://search.toolbars.alexa.com/?ver=alxf-1.54&src=ab&aid=zxndc10Re%2F00wi&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/06 13:20:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/06 13:20:37 | 000,000,000 | ---D | M]

[2010/07/18 15:45:19 | 000,000,000 | ---D | M] -- C:\Users\xxyxx\AppData\Roaming\Mozilla\Extensions
[2010/07/18 15:45:19 | 000,000,000 | ---D | M] -- C:\Users\xxyxx\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/08/08 12:06:23 | 000,000,000 | ---D | M] -- C:\Users\xxyxx\AppData\Roaming\Mozilla\Firefox\Profiles\lggt6p26.default\extensions
[2010/07/09 12:50:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\xxyxx\AppData\Roaming\Mozilla\Firefox\Profiles\lggt6p26.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/08 12:06:23 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\xxyxx\AppData\Roaming\Mozilla\Firefox\Profiles\lggt6p26.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2010/07/24 21:37:52 | 000,000,000 | ---D | M] (Form Saver) -- C:\Users\xxyxx\AppData\Roaming\Mozilla\Firefox\Profiles\lggt6p26.default\extensions\{4BCC5CF2-DD1B-4f34-80BA-E5A2355D3936}
[2010/07/08 01:15:19 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\xxyxx\AppData\Roaming\Mozilla\Firefox\Profiles\lggt6p26.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/07/22 22:20:08 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\xxyxx\AppData\Roaming\Mozilla\Firefox\Profiles\lggt6p26.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010/08/06 22:40:03 | 000,000,000 | ---D | M] (Amplify) -- C:\Users\xxyxx\AppData\Roaming\Mozilla\Firefox\Profiles\lggt6p26.default\extensions\{8f5ce3f8-1735-4680-b15e-108f2f50e8ba}
[2010/07/08 01:49:42 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\xxyxx\AppData\Roaming\Mozilla\Firefox\Profiles\lggt6p26.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/07/28 01:13:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxyxx\AppData\Roaming\Mozilla\Firefox\Profiles\lggt6p26.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/07/08 01:49:42 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\xxyxx\AppData\Roaming\Mozilla\Firefox\Profiles\lggt6p26.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/07/28 11:12:21 | 000,000,000 | ---D | M] -- C:\Users\xxyxx\AppData\Roaming\Mozilla\Firefox\Profiles\lggt6p26.default\extensions\afterthedeadline@afterthedeadline.com
[2010/07/08 02:57:46 | 000,000,000 | ---D | M] -- C:\Users\xxyxx\AppData\Roaming\Mozilla\Firefox\Profiles\lggt6p26.default\extensions\firefox@adhacker.com
[2010/07/23 00:51:46 | 000,000,000 | ---D | M] -- C:\Users\xxyxx\AppData\Roaming\Mozilla\Firefox\Profiles\lggt6p26.default\extensions\handyfox@gaixixon
[2010/07/22 22:35:45 | 000,000,000 | ---D | M] -- C:\Users\xxyxx\AppData\Roaming\Mozilla\Firefox\Profiles\lggt6p26.default\extensions\selectivecookiedelete@siju.mathew
[2010/07/08 02:55:55 | 000,000,000 | ---D | M] -- C:\Users\xxyxx\AppData\Roaming\Mozilla\Firefox\Profiles\lggt6p26.default\extensions\seodoctor@prelovac.com
[2010/07/16 12:59:12 | 000,000,000 | ---D | M] -- C:\Users\xxyxx\AppData\Roaming\Mozilla\Firefox\Profiles\lggt6p26.default\extensions\toolbar@alexa.com
[2010/07/08 03:01:33 | 000,000,000 | ---D | M] -- C:\Users\xxyxx\AppData\Roaming\Mozilla\Firefox\Profiles\lggt6p26.default\extensions\webrank-toolbar@probcomp.com
[2010/07/08 03:04:57 | 000,001,492 | ---- | M] () -- C:\Users\xxyxx\AppData\Roaming\Mozilla\Firefox\Profiles\lggt6p26.default\searchplugins\web-search-powered-by-google.xml
[2010/07/08 00:55:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/06 13:20:32 | 000,003,996 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\drae.xml
[2010/08/06 13:20:32 | 000,000,751 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-es.xml
[2010/08/06 13:20:32 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-es.xml
[2010/08/06 13:20:32 | 000,001,102 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-es.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: microsoft.com ([oas.support] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\inspiron_NB_1280x864_02.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\inspiron_NB_1280x864_02.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a3a74411-32cc-11dd-bb16-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a3a74411-32cc-11dd-bb16-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{a3a74411-32cc-11dd-bb16-806e6f6e6963}\Shell\configure\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{a3a74411-32cc-11dd-bb16-806e6f6e6963}\Shell\install\command - "" = E:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/08 10:07:20 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/08/08 10:07:19 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/08/08 09:35:32 | 000,000,000 | ---D | C] -- C:\Users\xxyxx\AppData\Local\Sunbelt Software
[2010/08/08 09:24:21 | 000,000,000 | -H-D | C] -- C:\ProgramData\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2010/08/08 09:23:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/08/08 09:23:35 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/08/08 09:20:45 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/08/08 09:09:37 | 000,000,000 | ---D | C] -- C:\Users\xxyxx\AppData\Roaming\WinPatrol
[2010/08/08 09:09:31 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2010/08/07 19:16:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Prefetch
[2010/08/07 19:10:15 | 000,000,000 | ---D | C] -- C:\Program Files\Koe
[2010/08/07 07:25:50 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/08/07 07:21:06 | 000,554,272 | ---- | C] (Microsoft Corporation) -- C:\Users\xxyxx\Desktop\Mats_Run.performance.exe
[2010/07/23 12:26:47 | 000,000,000 | ---D | C] -- C:\Users\xxyxx\Desktop\NEW REPORTS JUNE 17 2010
[2010/07/23 12:25:32 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/07/23 11:56:24 | 000,000,000 | ---D | C] -- C:\Users\xxyxx\Documents\proxylist-07-23-10
[2010/07/22 12:20:25 | 000,000,000 | ---D | C] -- C:\Users\xxyxx\Documents\WWT Collections
[2010/07/22 12:11:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Research
[2010/07/19 01:02:12 | 000,000,000 | ---D | C] -- C:\Users\xxyxx\Documents\proxy
[2010/07/18 15:44:34 | 000,000,000 | ---D | C] -- C:\Users\xxyxx\AppData\Roaming\LimeWire
[2010/07/18 15:42:56 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2010/07/12 02:33:37 | 000,000,000 | ---D | C] -- C:\Users\xxyxx\Documents\OneNote Notebooks
[2010/07/11 01:19:19 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010/07/10 19:09:41 | 000,000,000 | ---D | C] -- C:\Program Files\Web Graphics Creator
[2010/07/10 03:54:13 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2010/07/10 03:24:24 | 000,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe

========== Files - Modified Within 30 Days ==========

[2010/08/08 15:29:03 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/08 15:26:34 | 002,097,152 | -HS- | M] () -- C:\Users\xxyxx\ntuser.dat
[2010/08/08 14:08:40 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{966B235F-3840-4ECD-91DC-40C3BA34286A}.job
[2010/08/08 13:48:50 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/08 13:48:50 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/08 11:59:53 | 000,706,602 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/08 11:59:53 | 000,598,096 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/08 11:59:53 | 000,104,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/08 11:49:03 | 000,001,018 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/08 11:48:57 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/08 11:48:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/08 11:48:46 | 3747,655,680 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/08 11:47:47 | 000,524,288 | -HS- | M] () -- C:\Users\xxyxx\ntuser.dat{346e37d1-a153-11df-bc24-fd168649b9b9}.TMContainer00000000000000000001.regtrans-ms
[2010/08/08 11:47:47 | 000,065,536 | -HS- | M] () -- C:\Users\xxyxx\ntuser.dat{346e37d1-a153-11df-bc24-fd168649b9b9}.TM.blf
[2010/08/08 11:47:43 | 002,396,257 | -H-- | M] () -- C:\Users\xxyxx\AppData\Local\IconCache.db
[2010/08/08 10:07:19 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/08/08 09:32:58 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/08/08 09:32:58 | 000,001,957 | ---- | M] () -- C:\Users\xxyxx\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/08 09:24:20 | 000,001,033 | ---- | M] () -- C:\Users\xxyxx\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/08/08 09:24:20 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/08/08 09:20:45 | 000,001,876 | ---- | M] () -- C:\Users\xxyxx\Desktop\HijackThis.lnk
[2010/08/07 19:26:09 | 000,011,776 | ---- | M] () -- C:\Users\xxyxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/07 19:16:58 | 000,000,019 | ---- | M] () -- C:\Users\Public\Documents\CTDChannels_Version.3dc48cd1.cdf
[2010/08/07 19:10:18 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\Magic Article Submitter.lnk
[2010/08/07 18:54:06 | 000,001,708 | ---- | M] () -- C:\Users\xxyxx\Desktop\Fix it - Microsoft ATS.lnk
[2010/08/07 07:21:26 | 000,554,272 | ---- | M] (Microsoft Corporation) -- C:\Users\xxyxx\Desktop\Mats_Run.performance.exe
[2010/08/06 08:48:09 | 000,524,288 | -HS- | M] () -- C:\Users\xxyxx\ntuser.dat{346e37d1-a153-11df-bc24-fd168649b9b9}.TMContainer00000000000000000002.regtrans-ms
[2010/08/06 08:30:07 | 000,000,946 | ---- | M] () -- C:\Users\Public\Desktop\HMA! Pro VPN.lnk
[2010/08/06 08:13:24 | 000,524,288 | -HS- | M] () -- C:\Users\xxyxx\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/08/06 08:13:24 | 000,065,536 | -HS- | M] () -- C:\Users\xxyxx\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/07/19 00:53:45 | 000,000,076 | ---- | M] () -- C:\Users\xxyxx\Documents\p30vel.ir.url
[2010/07/19 00:50:35 | 000,002,452 | ---- | M] () -- C:\Users\xxyxx\Documents\postinfo.html
[2010/07/19 00:49:01 | 000,007,265 | ---- | M] () -- C:\Users\xxyxx\Documents\index.php
[2010/07/19 00:48:20 | 000,000,001 | ---- | M] () -- C:\Users\xxyxx\Documents\cpbackup-exclude.conf
[2010/07/18 15:57:42 | 000,001,704 | ---- | M] () -- C:\Users\xxyxx\Desktop\LimeWire 5.5.10.lnk
[2010/07/17 17:56:14 | 000,028,672 | ---- | M] () -- C:\Users\xxyxx\Documents\estimate.xls
[2010/07/17 07:38:34 | 000,000,341 | ---- | M] () -- C:\Users\xxyxx\Desktop\key.zip
[2010/07/16 13:18:10 | 000,000,940 | ---- | M] () -- C:\Users\xxyxx\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/07/14 14:57:52 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2010/07/14 03:07:57 | 000,437,420 | ---- | M] () -- C:\Users\xxyxx\Documents\BlogsForArticleWriter4Hire_Posts.xlsx
[2010/07/12 04:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/07/10 19:11:27 | 000,000,874 | ---- | M] () -- C:\Users\xxyxx\Desktop\The Web Graphics Creator.lnk

========== Files Created - No Company Name ==========

[2010/08/08 09:32:58 | 000,001,973 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/08/08 09:32:58 | 000,001,957 | ---- | C] () -- C:\Users\xxyxx\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/08 09:24:41 | 000,001,022 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/08 09:24:41 | 000,001,018 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/08 09:24:20 | 000,001,033 | ---- | C] () -- C:\Users\xxyxx\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/08/08 09:24:20 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/08/08 09:20:45 | 000,001,876 | ---- | C] () -- C:\Users\xxyxx\Desktop\HijackThis.lnk
[2010/08/07 19:16:58 | 000,000,019 | ---- | C] () -- C:\Users\Public\Documents\CTDChannels_Version.3dc48cd1.cdf
[2010/08/07 19:10:18 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\Magic Article Submitter.lnk
[2010/08/06 08:19:38 | 000,524,288 | -HS- | C] () -- C:\Users\xxyxx\ntuser.dat{346e37d1-a153-11df-bc24-fd168649b9b9}.TMContainer00000000000000000002.regtrans-ms
[2010/08/06 08:19:38 | 000,524,288 | -HS- | C] () -- C:\Users\xxyxx\ntuser.dat{346e37d1-a153-11df-bc24-fd168649b9b9}.TMContainer00000000000000000001.regtrans-ms
[2010/08/06 08:19:38 | 000,065,536 | -HS- | C] () -- C:\Users\xxyxx\ntuser.dat{346e37d1-a153-11df-bc24-fd168649b9b9}.TM.blf
[2010/08/06 08:19:16 | 3747,655,680 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/19 00:53:43 | 000,000,076 | ---- | C] () -- C:\Users\xxyxx\Documents\p30vel.ir.url
[2010/07/19 00:50:35 | 000,002,452 | ---- | C] () -- C:\Users\xxyxx\Documents\postinfo.html
[2010/07/19 00:49:01 | 000,007,265 | ---- | C] () -- C:\Users\xxyxx\Documents\index.php
[2010/07/19 00:48:20 | 000,000,001 | ---- | C] () -- C:\Users\xxyxx\Documents\cpbackup-exclude.conf
[2010/07/18 15:43:29 | 000,001,704 | ---- | C] () -- C:\Users\xxyxx\Desktop\LimeWire 5.5.10.lnk
[2010/07/17 17:56:08 | 000,028,672 | ---- | C] () -- C:\Users\xxyxx\Documents\estimate.xls
[2010/07/17 07:38:24 | 000,000,341 | ---- | C] () -- C:\Users\xxyxx\Desktop\key.zip
[2010/07/16 13:18:10 | 000,000,940 | ---- | C] () -- C:\Users\xxyxx\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/07/15 19:46:29 | 000,000,946 | ---- | C] () -- C:\Users\Public\Desktop\HMA! Pro VPN.lnk
[2010/07/14 14:57:52 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/07/14 03:07:56 | 000,437,420 | ---- | C] () -- C:\Users\xxyxx\Documents\BlogsForArticleWriter4Hire_Posts.xlsx
[2010/07/10 19:11:19 | 000,000,874 | ---- | C] () -- C:\Users\xxyxx\Desktop\The Web Graphics Creator.lnk
[2010/07/07 23:18:04 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/06/05 10:54:53 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/06/05 10:54:53 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/06/05 10:54:53 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/06/05 10:54:53 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/06/05 10:54:53 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/06/05 10:54:50 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/06/05 08:18:31 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
< End of report >

Re: My HijackThis Log

Postby jenny » Sun Aug 08, 2010 2:37 pm

OTL Extras logfile created on: 08/08/2010 03:20:33 p.m. - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\xxyxx\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 0000500A | Country: xxxxx | Language: ESU | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 33.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.52 Gb Total Space | 156.56 Gb Free Space | 54.83% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.37 Gb Free Space | 53.65% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: xxyxx
Current User Name: xxyxx
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{7E5AFF96-D51B-4D62-BBC0-E40A2B1EAE5F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{962BAE4C-75EE-487D-9A8E-9ACDE6F86799}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{CDD5C2F5-1E23-423C-B39C-113D28B74D6A}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{28DC465C-A7F5-4B4B-8B08-0245E74947AA}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{40C8EA23-4755-42AD-AEC2-987FC3B6C0FF}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{43E2D7D5-5963-4059-9FF8-B93E8CB3B6F3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{50816DB4-F52C-4D06-8D12-99F221067FB8}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{541E20A0-6F5A-4DDF-946A-08D75FD41659}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7D5337A5-D97B-4E12-8CF5-9076D898E297}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{83DFDD67-685E-4185-ABFC-7E9EECC274DB}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{98CB7A59-72A0-4E3F-870E-D9A7C15086B1}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{9998BB27-B2CD-4477-A7CF-5E9943A44AF2}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{A838B658-E423-4BE6-9CBE-1330A7C46287}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{B0008CB6-D204-4001-AE7F-85540E59E76B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{B70210BB-64AD-41D4-B5AB-346244C381B6}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{C975E451-E082-4E91-B427-7E0A3B539548}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D991EED1-E022-4160-869C-A3F26593533C}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{E261CA1C-72D1-4106-93B9-D985320318DF}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{18221AB5-7C3A-401B-BF30-48BD8C8CC469}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{35477440-BF47-4AC8-AF9D-05A9551C3FF3}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{24F69C03-8E0A-459D-966D-0D0101F5FF47}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{726718B3-5619-4749-AD13-D14DA132349F}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{04179174-F3AC-4CE6-BBBE-83B46D5041CB}" = SocialBot
"{05554D36-5C86-4BCC-BD48-EC2FC9A631E1}" = Magic Article Submitter
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2357B8BC-88C9-4A72-818C-050CC4EB0778}" = AOL Install
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6831F650-18AD-497B-8F9A-B772B78379D2}" = ArticleBot
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Roxio CinePlayer Decoder Pack
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90170409-6000-11D3-8CFE-0050048383C9}" = Microsoft FrontPage 2002
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{BB2CB14A-F3A3-4BBF-9111-EBC82049ABA6}" = Roxio Creator Premier
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5C7154-98F4-4D44-A58C-8BC19751CCCC}" = Roxio Creator Premier 10
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DA80B9DF-7007-43E7-AED4-DE57952D8924}" = Broadcom High Definition Video Decoder
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Premier
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.514
"HijackThis" = HijackThis 2.0.2
"HMA! Pro VPN" = HMA! Pro VPN 2.4
"LimeWire" = LimeWire 5.5.10
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Proxy Checker Lite_is1" = Proxy Checker Lite v1.1
"The Logo Creator v5" = The Logo Creator v5
"The Web Graphics Creator v3" = The Web Graphics Creator v3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPatrol" = WinPatrol
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TrackbackSpider" = Trackback Spider

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
jenny
Junior Contributor
 
Posts: 14
Joined: Sun Aug 08, 2010 8:36 am
Has thanked: 0 time
Have thanks: 0 time

Re: My HijackThis Log

Postby ALookingInView » Sun Aug 08, 2010 4:31 pm

The text in that post doubles as a clickable link that points to Wikipedia's entry for BSOD.
It's explained a lot better there than I'm capable of as well as having pictures.
It doesn't sound to me that you're experiencing this though.

Note: BTW Welcome to rM, but please avoid quoting unless absolutely necessary.
Microsoft Windows 7 Armor Premium /  Microsoft Security Essentials 2.0 Beta  /  Sandboxie 3.48
Common Sense 2011 Pro  /  ShadowProtect Desktop Edition 4.0.2

ALookingInView
Senior Contributor
 
Posts: 842
Joined: Wed Dec 16, 2009 1:54 pm
Has thanked: 0 time
Have thanks: 1 time

Re: My HijackThis Log

Postby jenny » Sun Aug 08, 2010 4:46 pm

Thanks for the advice!

Re: My HijackThis Log

Postby jenny » Sun Aug 08, 2010 4:51 pm

No, I read the description at Wikipedia. Thanks! But, no... I don't think that BSOD is related to the issue. No blue screen coming up.
It just shuts down at any moment. After the shut down I just turn it on and it starts normally.

Re: My HijackThis Log

Postby FieryDemon » Sun Aug 08, 2010 11:27 pm

Recognize these IPs? Did you set them?

208.67.222.222
208.67.220.220

Go to Start > Run, type sfc /scannow, then press OK.
Real-time protection: Avira, Comodo Firewall and D+, Malwarebytes Pro
Anti-keylogging: KeyScrambler
OS: Vista 32-bit
FieryDemon
Regular Contributor
 
Posts: 567
Joined: Tue Feb 09, 2010 1:16 pm
Has thanked: 0 time
Have thanks: 3 times
