Full Version: Log for Win32Tr/er Agent
Saint Louis
Sirs:

Here is my Hijack This log. I am having problems with the Win32Tr/er Agent. Ad Aware detects it, but cannot remove it. I tried running in Safe Mode and deleting it from there, but it didn't help. I am running Vista SP1. Ad Aware 8.0.5. I also have an Ad Aware log file which I can send. I backed up my registry and created a system restore point as you suggested. Thanks, in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:51:20 PM, on 6/2/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Adobe\Acrobat 8\Acrobat\Acrotray.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 8\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL acaptuser32.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: RSO3 MiddleTier Service (RSO3MiddleTierService) - Adobe Systems - C:\Program Files\Adobe\Adobe RoboSource Control 3.1\RSO3MiddleTierService.exe
O23 - Service: RSO3 Server Service (RSO3Server) - Adobe Systems - C:\Program Files\Adobe\Adobe RoboSource Control 3.1\RSO3Server.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11757 bytes
Rorschach112
hi

Download Rooter.exe to your desktop
  • Then double-click it to start the tool
  • A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt. Post that here

Saint Louis
QUOTE(Rorschach112 @ Jun 3 2009, 06:26 PM) *
hi

Download Rooter.exe to your desktop
  • Then double-click it to start the tool
  • A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt. Post that here


Microsoft Windows Vista Home Edition (6.0.6001) Service Pack 1

C:\ [Fixed] - NTFS - (Total:292356 Mo/Free:7 Mo)
D:\ [Fixed] - NTFS - (Total:305242 Mo/Free:1851 Mo)
E:\ [Fixed] - NTFS - (Total:10239 Mo/Free:1198 Mo)
F:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Wed 06/03/2009|13:57

----------------------\\ Processes..

--Locked-- [System Process]
--Locked-- System
---------- \SystemRoot\System32\smss.exe
---------- C:\Windows\system32\csrss.exe
---------- C:\Windows\system32\wininit.exe
---------- C:\Windows\system32\csrss.exe
---------- C:\Windows\system32\services.exe
---------- C:\Windows\system32\lsass.exe
---------- C:\Windows\system32\lsm.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\system32\svchost.exe
--Locked-- audiodg.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\SLsvc.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\winlogon.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\WLTRYSVC.EXE
---------- C:\Windows\System32\bcmwltry.exe
---------- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
---------- C:\Windows\system32\WLANExt.exe
---------- C:\Windows\System32\spoolsv.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\aestsrv.exe
---------- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
---------- c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
---------- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
---------- C:\Program Files\McAfee\MPF\MPFSrv.exe
---------- C:\Program Files\McAfee\MSK\MskSrver.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Program Files\Adobe\Adobe RoboSource Control 3.1\RSO3MiddleTierService.exe
---------- C:\Program Files\Adobe\Adobe RoboSource Control 3.1\RSO3Server.exe
---------- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
---------- C:\Windows\system32\STacSV.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\system32\SearchIndexer.exe
---------- C:\Windows\system32\DRIVERS\xaudio.exe
---------- C:\Windows\system32\taskeng.exe
---------- C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
---------- C:\Windows\system32\wbem\unsecapp.exe
---------- C:\Windows\system32\wbem\wmiprvse.exe
---------- C:\Windows\system32\taskeng.exe
---------- C:\Windows\system32\Dwm.exe
---------- c:\PROGRA~1\mcafee.com\agent\mcagent.exe
---------- C:\Windows\Explorer.EXE
---------- C:\Program Files\DellTPad\Apoint.exe
---------- C:\Windows\OEM02Mon.exe
---------- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
---------- C:\Windows\System32\rundll32.exe
---------- C:\Windows\System32\rundll32.exe
---------- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
---------- C:\Windows\System32\WLTRAY.EXE
---------- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
---------- C:\Program Files\Dell\MediaDirect\PCMService.exe
---------- C:\Program Files\Adobe\Acrobat 8\Acrobat\Acrotray.exe
---------- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
---------- C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
---------- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
---------- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
---------- C:\Program Files\Skype\Phone\Skype.exe
---------- C:\Windows\ehome\ehtray.exe
---------- C:\Program Files\Windows Media Player\wmpnscfg.exe
---------- C:\Program Files\Digital Line Detect\DLG.exe
---------- C:\Program Files\Dell\QuickSet\quickset.exe
---------- C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
---------- C:\Windows\System32\rundll32.exe
---------- C:\Program Files\Windows Media Player\wmpnetwk.exe
---------- C:\Windows\ehome\ehmsas.exe
---------- C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
---------- C:\Program Files\DellTPad\ApMsgFwd.exe
---------- C:\Program Files\DellTPad\HidFind.exe
---------- C:\Program Files\DellTPad\Apntex.exe
---------- C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
---------- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
---------- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
---------- C:\Program Files\Skype\Plugin Manager\skypePM.exe
---------- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
---------- c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
---------- C:\Windows\system32\taskeng.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\Windows\system32\SearchProtocolHost.exe
---------- C:\Windows\system32\SearchFilterHost.exe
---------- C:\Windows\system32\DllHost.exe
---------- C:\Windows\system32\DllHost.exe
---------- C:\Users\siegeltuch\Desktop\Rooter.exe
---------- C:\Windows\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Wed 06/03/2009|13:57

----------------------\\ Scan completed at 13:57
Rorschach112
hi
  • Download OTL to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\System32\antiwpa.dll
    %systemroot%\SYSTEM32\wpa.dll
    %systemroot%\setup\scripts\biestart.exe
    %systemroot%\system32\drivers\royal.sys
    %SYSTEMDRIVE%\*.
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
Saint Louis
QUOTE(Rorschach112 @ Jun 3 2009, 09:25 PM) *
hi
  • Download OTL to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\System32\antiwpa.dll
    %systemroot%\SYSTEM32\wpa.dll
    %systemroot%\setup\scripts\biestart.exe
    %systemroot%\system32\drivers\royal.sys
    %SYSTEMDRIVE%\*.
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.


OTL logfile created on: 6/3/2009 8:16:13 PM - Run 2
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Users\siegeltuch\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.50 Gb Total Space | 212.41 Gb Free Space | 74.40% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 297.81 Gb Free Space | 99.91% Space Free | Partition Type: NTFS
Drive E: | 10.00 Gb Total Space | 5.17 Gb Free Space | 51.71% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SIEGELTUCH-PC
Current User Name: siegeltuch
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Windows\System32\WLTRYSVC.EXE ()
PRC - C:\Windows\System32\bcmwltry.exe (Dell Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Windows\system32\aestsrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
PRC - C:\Windows\System32\rpcnetp.exe ()
PRC - C:\Program Files\Adobe\Adobe RoboSource Control 3.1\RSO3MiddleTierService.exe (Adobe Systems)
PRC - C:\Program Files\Adobe\Adobe RoboSource Control 3.1\RSO3Server.exe (Adobe Systems)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Windows\system32\STacSV.exe (IDT, Inc.)
PRC - C:\Windows\system32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Windows\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Windows\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
PRC - C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
PRC - C:\Windows\System32\WLTRAY.EXE (Dell Inc.)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files\Adobe\Acrobat 8\Acrobat\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe (TechSmith Corporation)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files\DellTPad\HidFind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apntex.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe (TechSmith Corporation)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe (TechSmith Corporation)
PRC - C:\Program Files\Skype\Plugin Manager\skypePM.exe (Skype Technologies)
PRC - C:\Windows\notepad.exe (Microsoft Corporation)
PRC - C:\Users\siegeltuch\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AESTFilters [Auto | Running]) -- C:\Windows\system32\aestsrv.exe (Andrea Electronics Corporation)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService [Auto | Running]) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Running]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GoogleDesktopManager-010708-104812 [On_Demand | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (GoToAssist [On_Demand | Stopped]) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (mcmscsvc [Auto | Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Running]) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (McODS [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy [Auto | Running]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon [On_Demand | Running]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService [Auto | Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (MSK80Service [Auto | Running]) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (rpcnetp [Unknown | Running]) -- C:\Windows\System32\rpcnetp.dll ()
SRV - (RSO3MiddleTierService [Auto | Running]) -- C:\Program Files\Adobe\Adobe RoboSource Control 3.1\RSO3MiddleTierService.exe (Adobe Systems)
SRV - (RSO3Server [Auto | Running]) -- C:\Program Files\Adobe\Adobe RoboSource Control 3.1\RSO3Server.exe (Adobe Systems)
SRV - (sprtsvc_dellsupportcenter [Auto | Running]) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (STacSV [Auto | Running]) -- C:\Windows\system32\STacSV.exe (IDT, Inc.)
SRV - (stllssvr [On_Demand | Stopped]) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (WinDefend [Auto | Stopped]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (wltrysvc [Auto | Running]) -- C:\Windows\System32\WLTRYSVC.EXE ()
SRV - (WMPNetworkSvc [On_Demand | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (XAudioService [Auto | Running]) -- C:\Windows\system32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)

========== Driver Services (SafeList) ==========

DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ApfiltrService [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (BCM43XX [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\bcmwl6.sys (Broadcom Corp.)
DRV - (bcm4sbxp [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (e1express [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\e1e6032.sys (Intel Corporation)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (iaStor [Boot | Running]) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (iaStorV [Boot | Running]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (Lbd [Boot | Running]) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (mdmxsdk [Auto | Running]) -- C:\Windows\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (mfeavfk [On_Demand | Running]) -- C:\Windows\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\Windows\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Stopped]) -- C:\Windows\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Running]) -- C:\Windows\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (MPFP [System | Running]) -- C:\Windows\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvlddmkm [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (OEM02Dev [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (OEM02Vfx [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (PxHelp20 [Boot | Running]) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (R300 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (rimmptsk [Auto | Running]) -- C:\Windows\system32\DRIVERS\rimmptsk.sys (REDC)
DRV - (rimsptsk [Auto | Running]) -- C:\Windows\system32\DRIVERS\rimsptsk.sys (REDC)
DRV - (rismxdp [Auto | Running]) -- C:\Windows\system32\DRIVERS\rixdptsk.sys (REDC)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (STHDA [On_Demand | Running]) -- C:\Windows\system32\drivers\stwrt.sys (IDT, Inc.)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (t3 [On_Demand | Stopped]) -- C:\Windows\system32\drivers\t3.sys (Creative Technology Ltd.)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\Windows\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (winachsf [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio [Auto | Running]) -- C:\Windows\system32\DRIVERS\xaudio.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=6080702
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=6080702
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071302000002
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.94
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/02/10 13:09:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/28 19:44:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/28 19:44:04 | 00,000,000 | ---D | M]

[2009/02/21 18:34:28 | 00,000,000 | ---D | M] -- C:\Users\siegeltuch\AppData\Roaming\mozilla\Extensions
[2008/07/10 12:49:58 | 00,000,000 | ---D | M] -- C:\Users\siegeltuch\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/02/21 18:34:28 | 00,000,000 | ---D | M] -- C:\Users\siegeltuch\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2009/06/03 18:27:49 | 00,000,000 | ---D | M] -- C:\Users\siegeltuch\AppData\Roaming\mozilla\Firefox\Profiles\crzvlvex.default\extensions
[2009/02/18 21:04:30 | 00,000,000 | ---D | M] -- C:\Users\siegeltuch\AppData\Roaming\mozilla\Firefox\Profiles\crzvlvex.default\extensions\moveplayer@movenetworks.com
[2009/05/06 13:13:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/28 19:44:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/08/03 16:18:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/04/28 19:43:57 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/28 19:43:57 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/04/28 19:44:02 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/28 19:44:02 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/28 19:44:02 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/28 19:44:02 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/04/28 19:44:02 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/28 19:44:02 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/28 19:44:02 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8\Acrobat\Acrotray.exe" (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 8\Acrobat\Acrobat_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s (Creative Technology Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" ( )
O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (Google)
O4 - HKLM..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r (Creative Technology Ltd)
O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (SupportSoft, Inc.)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)
O4 - HKCU..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Users\siegeltuch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O4 - Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe (TechSmith Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries0000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries0000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries0000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries0000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O18 - Protocol\Handler\httpx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\httpsx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\system32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1edccd66-60a5-11dd-8335-001d09dd1072}\Shell - "" = AutoRun
O33 - MountPoints2\{1edccd66-60a5-11dd-8335-001d09dd1072}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{fc0549bb-0064-11de-9f8c-001d09dd1072}\Shell\AutoRun\command - "" = H:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe ()
O34 - HKLM BootExecute: (*) - * [2009/06/03 20:14:56 | 00,000,000 | R--D | M]
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
NetSvcs: AeLookupSvc - C:\Windows\System32\aelupsvc.dll (Microsoft Corporation)
NetSvcs: wercplsupport - C:\Windows\System32\wercplsupport.dll (Microsoft Corporation)
NetSvcs: Themes - C:\Windows\system32\shsvcs.dll (Microsoft Corporation)
NetSvcs: CertPropSvc - C:\Windows\System32\certprop.dll (Microsoft Corporation)
NetSvcs: SCPolicySvc - C:\Windows\System32\certprop.dll (Microsoft Corporation)
NetSvcs: lanmanserver - C:\Windows\system32\srvsvc.dll (Microsoft Corporation)
NetSvcs: gpsvc - C:\Windows\System32\gpsvc.dll (Microsoft Corporation)
NetSvcs: IKEEXT - C:\Windows\System32\ikeext.dll (Microsoft Corporation)
NetSvcs: AudioSrv - C:\Windows\System32\Audiosrv.dll (Microsoft Corporation)
NetSvcs: FastUserSwitchingCompatibility -
NetSvcs: Ias -
NetSvcs: Irmon -
NetSvcs: Nla -
NetSvcs: Ntmssvc -
NetSvcs: NWCWorkstation -
NetSvcs: Nwsapagent -
NetSvcs: Rasauto - C:\Windows\System32\rasauto.dll (Microsoft Corporation)
NetSvcs: Rasman - C:\Windows\System32\rasmans.dll (Microsoft Corporation)
NetSvcs: Remoteaccess - C:\Windows\System32\mprdim.dll (Microsoft Corporation)
NetSvcs: SENS - C:\Windows\System32\sens.dll (Microsoft Corporation)
NetSvcs: Sharedaccess - C:\Windows\System32\ipnathlp.dll (Microsoft Corporation)
NetSvcs: SRService -
NetSvcs: Tapisrv - C:\Windows\System32\tapisrv.dll (Microsoft Corporation)
NetSvcs: Wmi -
NetSvcs: WmdmPmSp -
NetSvcs: TermService - C:\Windows\System32\termsrv.dll (Microsoft Corporation)
NetSvcs: wuauserv - C:\Windows\system32\wuaueng.dll (Microsoft Corporation)
NetSvcs: BITS - C:\Windows\System32\qmgr.dll (Microsoft Corporation)
NetSvcs: ShellHWDetection - C:\Windows\System32\shsvcs.dll (Microsoft Corporation)
NetSvcs: LogonHours -
NetSvcs: PCAudit -
NetSvcs: helpsvc -
NetSvcs: uploadmgr -
NetSvcs: iphlpsvc - C:\Windows\System32\iphlpsvc.dll (Microsoft Corporation)
NetSvcs: seclogon - C:\Windows\system32\seclogon.dll (Microsoft Corporation)
NetSvcs: AppInfo - C:\Windows\System32\appinfo.dll (Microsoft Corporation)
NetSvcs: msiscsi - C:\Windows\system32\iscsiexe.dll (Microsoft Corporation)
NetSvcs: MMCSS - C:\Windows\system32\mmcss.dll (Microsoft Corporation)
NetSvcs: ProfSvc - C:\Windows\system32\profsvc.dll (Microsoft Corporation)
NetSvcs: EapHost - C:\Windows\System32\eapsvc.dll (Microsoft Corporation)
NetSvcs: winmgmt - C:\Windows\system32\wbem\WMIsvc.dll (Microsoft Corporation)
NetSvcs: schedule - C:\Windows\system32\schedsvc.dll (Microsoft Corporation)
NetSvcs: SessionEnv - C:\Windows\system32\sessenv.dll (Microsoft Corporation)
NetSvcs: browser - C:\Windows\System32\browser.dll (Microsoft Corporation)
NetSvcs: hkmsvc - C:\Windows\system32\kmsvc.dll (Microsoft Corporation)
SafeBootMin: AppInfo - (Microsoft Corporation)
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: CryptSvc - (Microsoft Corporation)
SafeBootMin: DcomLaunch - (Microsoft Corporation)
SafeBootMin: EventLog - (Microsoft Corporation)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: KeyIso - (Microsoft Corporation)
SafeBootMin: Lavasoft Ad-Aware Service - (Lavasoft)
SafeBootMin: mcmscsvc - (McAfee, Inc.)
SafeBootMin: MCODS - (McAfee, Inc.)
SafeBootMin: Netlogon - (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PlugPlay - (Microsoft Corporation)
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: ProfSvc - (Microsoft Corporation)
SafeBootMin: RpcSs - (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - (Microsoft Corporation)
SafeBootMin: SWPRV - (Microsoft Corporation)
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: TabletInputService - (Microsoft Corporation)
SafeBootMin: TBS - (Microsoft Corporation)
SafeBootMin: TrustedInstaller - (Microsoft Corporation)
SafeBootMin: VDS - (Microsoft Corporation)
SafeBootMin: vga.sys - (Microsoft Corporation)
SafeBootMin: vgasave.sys - (Microsoft Corporation)
SafeBootMin: volmgr.sys - (Microsoft Corporation)
SafeBootMin: volmgrx.sys - (Microsoft Corporation)
SafeBootMin: Wdf01000.sys - (Microsoft Corporation)
SafeBootMin: WinDefend - (Microsoft Corporation)
SafeBootMin: WinMgmt - (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AFD - (Microsoft Corporation)
SafeBootNet: AppInfo - (Microsoft Corporation)
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - (Microsoft Corporation)
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: bowser - (Microsoft Corporation)
SafeBootNet: Browser - (Microsoft Corporation)
SafeBootNet: CryptSvc - (Microsoft Corporation)
SafeBootNet: DcomLaunch - (Microsoft Corporation)
SafeBootNet: dfsc - (Microsoft Corporation)
SafeBootNet: Dhcp - (Microsoft Corporation)
SafeBootNet: DnsCache - (Microsoft Corporation)
SafeBootNet: Dot3Svc - (Microsoft Corporation)
SafeBootNet: Eaphost - (Microsoft Corporation)
SafeBootNet: EventLog - (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: IKEEXT - (Microsoft Corporation)
SafeBootNet: ipnat.sys - (Microsoft Corporation)
SafeBootNet: KeyIso - (Microsoft Corporation)
SafeBootNet: LanmanServer - (Microsoft Corporation)
SafeBootNet: LanmanWorkstation - (Microsoft Corporation)
SafeBootNet: Lavasoft Ad-Aware Service - (Lavasoft)
SafeBootNet: LmHosts - (Microsoft Corporation)
SafeBootNet: mcmscsvc - (McAfee, Inc.)
SafeBootNet: MCODS - (McAfee, Inc.)
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - (McAfee, Inc.)
SafeBootNet: MPSDrv - (Microsoft Corporation)
SafeBootNet: MPSSvc - (Microsoft Corporation)
SafeBootNet: mrxsmb - (Microsoft Corporation)
SafeBootNet: mrxsmb10 - (Microsoft Corporation)
SafeBootNet: mrxsmb20 - (Microsoft Corporation)
SafeBootNet: NativeWifiP - (Microsoft Corporation)
SafeBootNet: NDIS - (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: Ndisuio - (Microsoft Corporation)
SafeBootNet: NetBIOS - (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetBT - (Microsoft Corporation)
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Netlogon - (Microsoft Corporation)
SafeBootNet: NetMan - (Microsoft Corporation)
SafeBootNet: netprofm - (Microsoft Corporation)
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NlaSvc - (Microsoft Corporation)
SafeBootNet: Nsi - (Microsoft Corporation)
SafeBootNet: nsiproxy.sys - (Microsoft Corporation)
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PlugPlay - (Microsoft Corporation)
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: PolicyAgent - (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: ProfSvc - (Microsoft Corporation)
SafeBootNet: rdbss - (Microsoft Corporation)
SafeBootNet: rdpencdd.sys - (Microsoft Corporation)
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcSs - (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCardSvr - (Microsoft Corporation)
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - (Microsoft Corporation)
SafeBootNet: SharedAccess - (Microsoft Corporation)
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: SWPRV - (Microsoft Corporation)
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TabletInputService - (Microsoft Corporation)
SafeBootNet: TBS - (Microsoft Corporation)
SafeBootNet: Tcpip - (Microsoft Corporation)
SafeBootNet: TDI - Driver Group
SafeBootNet: TrustedInstaller - (Microsoft Corporation)
SafeBootNet: VDS - (Microsoft Corporation)
SafeBootNet: vga.sys - (Microsoft Corporation)
SafeBootNet: vgasave.sys - (Microsoft Corporation)
SafeBootNet: volmgr.sys - (Microsoft Corporation)
SafeBootNet: volmgrx.sys - (Microsoft Corporation)
SafeBootNet: Wdf01000.sys - (Microsoft Corporation)
SafeBootNet: WinDefend - (Microsoft Corporation)
SafeBootNet: WinMgmt - (Microsoft Corporation)
SafeBootNet: Wlansvc - (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {38539595-3E29-410d-ABBD-3D6A75BC9A73} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {AAC3F1F0-5649-4670-A698-F1523729F015} - Microsoft .NET Framework 1.1 Hotfix (KB929729)
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {DE08CE0C-6471-4D99-32F9-85E05D85DF17} - Browser Customizations
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32: aux - C:\Windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\system32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\system32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\system32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\system32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\system32\msgsm32.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\system32\VfWWDM32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\system32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\system32\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - C:\Windows\system32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\system32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\system32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\system32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\Windows\system32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\Windows\system32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\system32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\system32\msacm32.drv (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2009/06/03 20:08:46 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Users\siegeltuch\Desktop\OTL.exe
[2009/06/03 13:57:04 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/06/03 13:56:35 | 00,267,612 | ---- | C] () -- C:\Users\siegeltuch\Desktop\Rooter.exe
[2009/06/03 11:18:03 | 00,001,113 | ---- | C] () -- C:\Users\siegeltuch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2009/06/03 11:18:03 | 00,000,000 | ---D | C] -- C:\Users\siegeltuch\Documents\OneNote Notebooks
[2009/06/02 21:50:37 | 00,001,876 | ---- | C] () -- C:\Users\siegeltuch\Desktop\HijackThis.lnk
[2009/06/02 21:50:37 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/06/02 21:46:43 | 00,000,218 | ---- | C] () -- C:\Users\siegeltuch\Desktop\RegistryBackup_6_2_09.reg
[2009/06/02 21:38:06 | 00,001,856 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2009/06/02 21:37:56 | 00,000,000 | ---D | C] -- C:\Program Files\WinZip
[2009/06/02 21:12:02 | 00,056,680 | ---- | C] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
[2009/06/02 20:54:33 | 37,539,92192 | -HS- | C] () -- C:\hiberfil.sys
[2009/05/31 13:38:19 | 00,001,659 | ---- | C] () -- C:\Users\siegeltuch\Desktop\Command Prompt.lnk
[2009/05/29 21:15:47 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/05/29 21:15:47 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009/05/29 21:15:47 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/05/29 21:15:47 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009/05/29 21:15:47 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009/05/29 21:15:47 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/05/29 21:15:46 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/05/29 21:15:46 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/05/29 21:15:46 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/05/29 21:15:46 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/05/29 21:15:46 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2009/05/29 21:15:46 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2009/05/29 21:15:46 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2009/05/29 21:15:46 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdc.ocx
[2009/05/29 21:15:46 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/05/29 21:15:46 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/05/29 21:15:46 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2009/05/29 21:15:46 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2009/05/29 21:15:46 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2009/05/29 21:15:45 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/05/29 21:15:45 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/05/29 21:15:45 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
[2009/05/29 21:15:45 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/05/29 21:15:45 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2009/05/29 21:15:45 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2009/05/29 21:15:45 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009/05/29 21:15:45 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/05/29 21:15:45 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/05/29 21:15:45 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/05/29 21:15:45 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2009/05/29 21:15:45 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/05/29 21:15:45 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/05/29 21:15:44 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/05/29 21:15:44 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/05/29 21:15:44 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009/05/29 21:15:44 | 00,391,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/05/29 21:15:44 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2009/05/29 21:15:44 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/05/29 21:15:43 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2009/05/29 21:15:43 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/05/29 21:15:43 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/05/29 21:15:43 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/05/29 21:15:43 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2009/05/29 21:15:43 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/05/29 21:15:43 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2009/05/29 21:15:43 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/05/29 21:15:43 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2009/05/29 21:15:43 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2009/05/29 21:15:43 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2009/05/29 21:15:43 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshta.exe
[2009/05/29 21:15:42 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/05/29 21:15:42 | 01,206,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/05/29 21:15:42 | 00,914,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/05/29 21:15:41 | 11,063,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/05/29 21:15:41 | 05,937,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/05/11 17:14:36 | 02,452,986 | ---- | C] () -- C:\Users\siegeltuch\Desktop\158720181xxf.pdf
[2009/05/08 21:49:26 | 00,000,796 | ---- | C] () -- C:\Users\siegeltuch\Desktop\Wm7 - Shortcut.lnk
[2009/05/08 21:47:27 | 00,000,552 | ---- | C] () -- C:\Windows\WM7.INI
[2009/05/08 21:47:22 | 00,209,920 | ---- | C] () -- C:\Windows\iun3401.exe
[2009/05/08 21:47:22 | 00,000,000 | ---D | C] -- C:\Program Files\WillMaker 7
[2009/05/06 13:11:53 | 00,000,013 | ---- | C] () -- C:\Windows\System32\WinSys32.crc
[2009/05/06 13:11:52 | 00,000,792 | ---- | C] () -- C:\Users\Public\Desktop\CoffeeCup HTML Editor 2008.lnk
[2009/05/06 13:10:57 | 00,913,560 | ---- | C] (WeOnlyDo! Inc.) -- C:\Windows\System32\wodFtpDLX.ocx
[2009/05/06 13:09:41 | 00,233,472 | ---- | C] (Creative Development LTD) -- C:\Windows\System32\Ilda32.dll
[2009/05/06 13:09:40 | 00,000,000 | ---D | C] -- C:\Program Files\CoffeeCup Software
[2009/03/04 09:58:04 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/02/11 18:06:27 | 00,000,071 | ---- | C] () -- C:\Windows\updates.ini
[2008/07/27 11:04:08 | 00,148,480 | R--- | C] () -- C:\Windows\System32\OemSpiE.dll
[2008/07/27 11:04:08 | 00,000,821 | R--- | C] () -- C:\Windows\Cfg02Sp.ini
[2008/07/27 11:04:08 | 00,000,819 | R--- | C] () -- C:\Windows\Cfg03Sp.ini
[2008/07/27 11:04:08 | 00,000,730 | R--- | C] () -- C:\Windows\Cfg01Sp.ini
[2008/07/27 11:04:08 | 00,000,548 | R--- | C] () -- C:\Windows\Cfg01APR.ini
[2008/07/27 11:04:08 | 00,000,455 | R--- | C] () -- C:\Windows\Cfg02Hp.ini
[2008/07/27 11:04:08 | 00,000,455 | R--- | C] () -- C:\Windows\Cfg02DO.ini
[2008/07/27 11:04:08 | 00,000,455 | R--- | C] () -- C:\Windows\Cfg01Hp.ini
[2008/07/27 11:04:08 | 00,000,455 | R--- | C] () -- C:\Windows\Cfg01DO.ini
[2008/07/27 11:04:08 | 00,000,453 | R--- | C] () -- C:\Windows\Cfg03RMi.ini
[2008/07/27 11:04:08 | 00,000,453 | R--- | C] () -- C:\Windows\Cfg03RLI.ini
[2008/07/27 11:04:08 | 00,000,453 | R--- | C] () -- C:\Windows\Cfg03Hp.ini
[2008/07/27 11:04:08 | 00,000,453 | R--- | C] () -- C:\Windows\Cfg03FMi.ini
[2008/07/27 11:04:08 | 00,000,453 | R--- | C] () -- C:\Windows\Cfg03DO.ini
[2008/07/27 11:04:08 | 00,000,453 | R--- | C] () -- C:\Windows\Cfg03DI.ini
[2008/07/27 11:04:08 | 00,000,453 | R--- | C] () -- C:\Windows\Cfg02RMi.ini
[2008/07/27 11:04:08 | 00,000,453 | R--- | C] () -- C:\Windows\Cfg02RLI.ini
[2008/07/27 11:04:08 | 00,000,453 | R--- | C] () -- C:\Windows\Cfg02FMi.ini
[2008/07/27 11:04:08 | 00,000,453 | R--- | C] () -- C:\Windows\Cfg02DI.ini
[2008/07/27 11:04:08 | 00,000,453 | R--- | C] () -- C:\Windows\Cfg01Mic.ini
[2008/07/27 11:04:08 | 00,000,453 | R--- | C] () -- C:\Windows\Cfg01LI.ini
[2008/07/27 11:04:08 | 00,000,453 | R--- | C] () -- C:\Windows\Cfg01DI.ini
[2008/07/27 11:03:49 | 00,105,472 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2008/07/27 11:03:49 | 00,067,072 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2008/07/20 21:25:46 | 00,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2008/07/02 14:57:02 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/07/02 12:21:36 | 00,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008/04/30 17:04:58 | 00,008,192 | ---- | C] ( ) -- C:\Windows\System32\cshost.dll
[2008/01/18 03:33:29 | 00,003,584 | ---- | C] () -- C:\Windows\System32\wceprv.dll
[2006/11/02 08:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 06:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 06:23:31 | 00,000,185 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 03:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Files - Modified Within 30 Days ==========

[1 C:\Windows\System32\*.tmp files]
[2009/06/03 20:09:15 | 00,056,680 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
[2009/06/03 20:09:15 | 00,056,680 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2009/06/03 20:08:47 | 00,017,991 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2009/06/03 20:08:46 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Users\siegeltuch\Desktop\OTL.exe
[2009/06/03 20:08:18 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/06/03 18:17:39 | 00,055,058 | ---- | M] () -- C:\Users\siegeltuch\AppData\Roaming\nvModes.001
[2009/06/03 18:17:37 | 00,055,058 | ---- | M] () -- C:\Users\siegeltuch\AppData\Roaming\nvModes.dat
[2009/06/03 18:00:08 | 00,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll
[2009/06/03 17:59:58 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/06/03 17:59:58 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/06/03 17:59:57 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/06/03 17:59:49 | 37,539,92192 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/03 17:59:45 | 00,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2009/06/03 13:56:35 | 00,267,612 | ---- | M] () -- C:\Users\siegeltuch\Desktop\Rooter.exe
[2009/06/03 11:18:03 | 00,001,113 | ---- | M] () -- C:\Users\siegeltuch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2009/06/02 21:50:37 | 00,001,876 | ---- | M] () -- C:\Users\siegeltuch\Desktop\HijackThis.lnk
[2009/06/02 21:46:43 | 00,000,218 | ---- | M] () -- C:\Users\siegeltuch\Desktop\RegistryBackup_6_2_09.reg
[2009/06/02 21:38:06 | 00,001,856 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2009/06/01 20:14:26 | 00,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/06/01 20:14:20 | 00,015,688 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2009/05/31 13:38:19 | 00,001,659 | ---- | M] () -- C:\Users\siegeltuch\Desktop\Command Prompt.lnk
[2009/05/31 13:38:19 | 00,000,450 | -HS- | M] () -- C:\Users\siegeltuch\Desktop\desktop.ini
[2009/05/29 21:22:11 | 00,267,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/05/24 17:42:36 | 00,002,487 | ---- | M] () -- C:\Users\siegeltuch\Desktop\Microsoft Office Visio 2003.lnk
[2009/05/08 21:49:26 | 00,000,796 | ---- | M] () -- C:\Users\siegeltuch\Desktop\Wm7 - Shortcut.lnk
[2009/05/08 21:47:35 | 00,000,552 | ---- | M] () -- C:\Windows\WM7.INI
[2009/05/08 21:47:22 | 00,000,185 | ---- | M] () -- C:\Windows\win.ini
[2009/05/08 21:46:54 | 00,209,920 | ---- | M] () -- C:\Windows\iun3401.exe
[2009/05/07 03:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/05/06 13:16:39 | 00,000,013 | ---- | M] () -- C:\Windows\System32\WinSys32.crc
[2009/05/06 13:11:52 | 00,000,792 | ---- | M] () -- C:\Users\Public\Desktop\CoffeeCup HTML Editor 2008.lnk

========== LOP Check ==========

[2009/03/11 15:06:08 | 00,000,000 | ---D | M] -- C:\Users\siegeltuch\AppData\Roaming
[2008/07/14 20:23:41 | 00,000,000 | ---D | M] -- C:\Users\siegeltuch\AppData\Roaming\Absolute
[2008/08/03 17:25:41 | 00,000,000 | ---D | M] -- C:\Users\siegeltuch\AppData\Roaming\Adobe
[2008/08/03 17:25:28 | 00,000,000 | ---D | M] -- C:\Users\siegeltuch\AppData\Roaming\Adobe Systems Incorporated
[2008/07/09 17:22:17 | 00,000,000 | ---D | M] -- C:\Users\siegeltuch\AppData\Roaming\Creative
[2008/07/10 11:27:15 | 00,000,000 | ---D | M] -- C:\Users\siegeltuch\AppData\Roaming\Google
[2008/07/09 17:13:04 | 00,000,000 | ---D | M] -- C:\Users\siegeltuch\AppData\Roaming\Identities
[2008/07/10 11:35:07 | 00,000,000 | ---D | M] -- C:\Users\siegeltuch\AppData\Roaming\Macromedia
[2006/11/02 08:37:34 | 00,000,000 | ---D | M] -- C:\Users\siegeltuch\AppData\Roaming\Media Center Programs
[2009/06/03 11:18:04 | 00,000,000 | --SD | M] -- C:\Users\siegeltuch\AppData\Roaming\Microsoft
[2008/07/10 12:49:58 | 00,000,000 | ---D | M] -- C:\Users\siegeltuch\AppData\Roaming\Mozilla
[2009/03/11 15:06:08 | 00,000,000 | ---D | M] -- C:\Users\siegeltuch\AppData\Roaming\MusicNet
[2009/02/20 15:51:41 | 00,000,000 | ---D | M] -- C:\Users\siegeltuch\AppData\Roaming\Real
[2009/06/03 19:30:14 | 00,000,000 | ---D | M] -- C:\Users\siegeltuch\AppData\Roaming\Skype
[2009/06/03 18:17:41 | 00,000,000 | ---D | M] -- C:\Users\siegeltuch\AppData\Roaming\skypePM
[2009/02/21 18:34:20 | 00,000,000 | ---D | M] -- C:\Users\siegeltuch\AppData\Roaming\TomTom
[2009/01/29 09:52:30 | 00,000,000 | ---D | M] -- C:\Users\siegeltuch\AppData\Roaming\U3
[2008/07/10 11:45:30 | 00,000,000 | ---D | M] -- C:\Users\siegeltuch\AppData\Roaming\WinRAR
[2009/06/01 20:14:26 | 00,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2008/07/02 12:41:55 | 00,000,356 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2008/07/02 12:41:55 | 00,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2009/06/03 17:59:57 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/06/03 14:02:02 | 00,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


========== Custom Scans ==========


< %systemroot%\System32\antiwpa.dll >

< %systemroot%\SYSTEM32\wpa.dll >

< %systemroot%\setup\scripts\biestart.exe >

< %systemroot%\system32\drivers\royal.sys >

< %SYSTEMDRIVE%\*. >
[2009/06/03 20:14:56 | 00,000,000 | R--D | M] -- C:
[2008/07/09 17:13:30 | 00,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2008/02/03 19:06:57 | 00,000,000 | -HSD | M] -- C:\Boot
[2008/07/14 20:15:28 | 00,000,000 | ---D | M] -- C:\DELL
[2008/07/02 14:51:07 | 00,000,000 | ---D | M] -- C:\doctemp
[2008/07/02 12:20:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings
[2008/07/02 14:51:05 | 00,000,000 | ---D | M] -- C:\Drivers
[2008/07/02 12:22:26 | 00,000,000 | RH-D | M] -- C:\MSOCache
[2008/01/20 22:32:31 | 00,000,000 | ---D | M] -- C:\PerfLogs
[2009/06/02 21:50:37 | 00,000,000 | R--D | M] -- C:\Program Files
[2009/06/03 13:31:45 | 00,000,000 | -H-D | M] -- C:\ProgramData
[2009/02/13 13:35:13 | 00,000,000 | ---D | M] -- C:\RoboHelp7Data
[2009/06/03 13:57:15 | 00,000,000 | ---D | M] -- C:\Rooter$
[2009/06/03 12:47:35 | 00,000,000 | -HSD | M] -- C:\System Volume Information
[2008/07/14 20:25:24 | 00,000,000 | ---D | M] -- C:\Temp
[2008/07/09 17:12:28 | 00,000,000 | R--D | M] -- C:\Users
[2009/06/03 18:00:13 | 00,000,000 | ---D | M] -- C:\Windows

< %SYSTEMDRIVE%\*.* >
[2009/06/03 17:59:46 | 00,023,918 | ---- | M] () -- C:\aaw7boot.log
[2006/09/18 17:43:36 | 00,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/20 22:24:42 | 00,333,203 | RHS- | M] () -- C:\bootmgr
[2006/09/18 17:43:37 | 00,000,010 | ---- | M] () -- C:\config.sys
[2008/07/02 14:57:14 | 00,005,533 | RH-- | M] () -- C:\dell.sdr
[2009/06/03 17:59:49 | 37,539,92192 | -HS- | M] () -- C:\hiberfil.sys
[2008/07/02 12:21:33 | 00,026,927 | ---- | M] () -- C:\newfile.enc
[2008/07/02 12:21:33 | 00,026,927 | ---- | M] () -- C:\newkey
[2009/06/03 17:59:47 | 40,696,50432 | -HS- | M] () -- C:\pagefile.sys
[2009/06/03 13:57:15 | 00,005,215 | ---- | M] () -- C:\Rooter.txt
[2008/07/02 12:21:31 | 00,002,090 | ---- | M] () -- C:\SetWiFiBT.txt
[2008/07/02 12:39:04 | 00,000,071 | ---- | M] () -- C:\SystemInfo.ini

< %PROGRAMFILES%\*. >
[2009/06/02 21:50:37 | 00,000,000 | R--D | M] -- C:\Program Files
[2008/07/10 12:57:21 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/07/02 12:38:01 | 00,000,000 | ---D | M] -- C:\Program Files\AOL Install
[2009/02/09 18:25:58 | 00,000,000 | ---D | M] -- C:\Program Files\Audacity
[2008/11/22 15:51:05 | 00,000,000 | ---D | M] -- C:\Program Files\BIAS
[2009/03/02 20:19:03 | 00,000,000 | ---D | M] -- C:\Program Files\Boson Software
[2008/07/02 12:19:31 | 00,000,000 | ---D | M] -- C:\Program Files\Broadcom
[2008/07/02 12:21:50 | 00,000,000 | ---D | M] -- C:\Program Files\Cisco
[2009/02/17 14:16:44 | 00,000,000 | ---D | M] -- C:\Program Files\Cisco Press
[2008/07/02 12:34:55 | 00,000,000 | ---D | M] -- C:\Program Files\Citrix
[2009/05/06 13:16:42 | 00,000,000 | ---D | M] -- C:\Program Files\CoffeeCup Software
[2009/03/30 20:01:44 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/07/02 07:02:19 | 00,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2008/07/27 11:32:58 | 00,000,000 | ---D | M] -- C:\Program Files\Creative
[2008/07/02 12:20:08 | 00,000,000 | ---D | M] -- C:\Program Files\Creative Live! Cam
[2008/07/02 12:31:19 | 00,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2008/07/02 12:40:23 | 00,000,000 | ---D | M] -- C:\Program Files\Dell
[2008/07/02 12:27:10 | 00,000,000 | ---D | M] -- C:\Program Files\Dell DataSafe Online
[2008/07/02 12:29:56 | 00,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
[2008/07/02 14:56:58 | 00,000,000 | ---D | M] -- C:\Program Files\DellTPad
[2008/07/02 12:19:26 | 00,000,000 | ---D | M] -- C:\Program Files\Digital Line Detect
[2008/07/02 12:39:03 | 00,000,000 | ---D | M] -- C:\Program Files\EarthLink Setup
[2008/07/14 20:15:28 | 00,000,000 | ---D | M] -- C:\Program Files\Google
[2009/03/21 18:28:16 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/06/01 13:29:46 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2008/07/02 12:13:45 | 00,000,000 | ---D | M] -- C:\Program Files\Java
[2009/03/30 20:01:57 | 00,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2008/07/14 20:31:45 | 00,000,000 | ---D | M] -- C:\Program Files\LFLInstall
[2009/04/18 16:52:08 | 00,000,000 | ---D | M] -- C:\Program Files\McAfee
[2008/07/02 12:28:08 | 00,000,000 | ---D | M] -- C:\Program Files\McAfee.com
[2006/11/02 08:37:34 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2009/03/04 09:56:44 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/05/29 21:17:48 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2008/07/02 12:24:12 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2008/07/02 12:18:35 | 00,000,000 | ---D | M] -- C:\Program Files\Modem Diagnostic Tool
[2008/01/20 22:35:17 | 00,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2009/05/06 13:13:18 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2006/11/02 08:37:34 | 00,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/07/20 20:26:26 | 00,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2008/07/02 12:18:59 | 00,000,000 | ---D | M] -- C:\Program Files\NetWaiting
[2008/07/02 12:22:04 | 00,000,000 | ---D | M] -- C:\Program Files\NetZeroInstallers
[2009/02/20 15:42:43 | 00,000,000 | ---D | M] -- C:\Program Files\Real
[2006/11/02 08:37:34 | 00,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2008/07/02 12:34:39 | 00,000,000 | ---D | M] -- C:\Program Files\Roxio
[2008/07/02 07:02:06 | 00,000,000 | ---D | M] -- C:\Program Files\Sigmatel
[2008/08/03 16:18:43 | 00,000,000 | ---D | M] -- C:\Program Files\Skype
[2008/07/27 16:34:04 | 00,000,000 | ---D | M] -- C:\Program Files\TechSmith
[2009/02/21 18:20:07 | 00,000,000 | ---D | M] -- C:\Program Files\TomTom DesktopSuite
[2009/06/02 21:50:37 | 00,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2006/11/02 09:01:55 | 00,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/05/08 21:47:22 | 00,000,000 | ---D | M] -- C:\Program Files\WillMaker 7
[2008/01/20 22:35:18 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2008/01/20 22:35:15 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2008/01/20 22:35:09 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2008/01/20 22:35:14 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2009/05/14 10:21:59 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2009/03/12 10:12:31 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 08:37:34 | 00,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/01/20 22:35:14 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2008/01/20 22:35:17 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2008/07/10 11:45:13 | 00,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2009/06/02 21:37:57 | 00,000,000 | ---D | M] -- C:\Program Files\WinZip
[2008/07/02 12:25:57 | 00,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2009/01/20 15:06:33 | 00,000,000 | -H-D | M] -- C:\Program Files\Zero G Registry
< End of report >

Thanks for keeping an eye on this. Second file to follow.
Saint Louis
QUOTE(Rorschach112 @ Jun 3 2009, 09:25 PM)
hi
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\System32\antiwpa.dll
    %systemroot%\SYSTEM32\wpa.dll
    %systemroot%\setup\scripts\biestart.exe
    %systemroot%\system32\drivers\royal.sys
    %SYSTEMDRIVE%\*.
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.


OTL Extras logfile created on: 6/3/2009 8:11:52 PM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Users\siegeltuch\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.50 Gb Total Space | 212.40 Gb Free Space | 74.40% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 297.81 Gb Free Space | 99.91% Space Free | Partition Type: NTFS
Drive E: | 10.00 Gb Total Space | 5.17 Gb Free Space | 51.71% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SIEGELTUCH-PC
Current User Name: siegeltuch
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
File not found -- Reg Error: Unknown registry data type
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
"EnableFirewall" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
"EnableFirewall" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========


========== Vista Active Application Exception List ==========

{0416F0A5-BF89-4928-A7BB-6FC2C4C90426} = DIR=IN | APP=C:\PROGRAM FILES\DELL\MEDIADIRECT\KERNEL\DMP\CLBROWSERENGINE.EXE |
{178D1C8B-4EC8-4BDF-B1F0-EA22F9CD64B0} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\YAHOO!\YAHOO! MUSIC JUKEBOX\YAHOOMUSICENGINE.EXE |
{2F0B3F1F-A0F6-47EF-B404-2D28E0DF882F} = DIR=IN | APP=C:\PROGRAM FILES\DELL\MEDIADIRECT\MEDIADIRECT.EXE |
{6948106D-870A-42AA-9708-31B77D024BF7} = DIR=IN | APP=C:\PROGRAM FILES\DELL\MEDIADIRECT\PCMSERVICE.EXE |
{762B5E90-759C-4FED-9885-B3AF66043872} = DIR=IN | APP=C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE |
{95069398-2244-4249-BDDE-454C8D6A2D34} = DIR=IN | APP=C:\PROGRAM FILES\DELL\MEDIADIRECT\KERNEL\DMS\CLMSSERVICE.EXE |
{9C7D27DC-FC63-45B5-9580-4736858E659D} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\YAHOO!\YAHOO! MUSIC JUKEBOX\YAHOOMUSICENGINE.EXE |
{C3715255-6D30-4644-B1AF-520DB7A9B95D} = DIR=IN | APP=C:\PROGRAM FILES\COMMON FILES\MCAFEE\MNA\MCNASVC.EXE |
{CFB993A8-C6F9-40A9-B79A-DB86B90D941D} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE12\ONENOTE.EXE |
{E7DD6E1F-B74A-4845-AAB5-196A5187D5B6} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE12\ONENOTE.EXE |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{12F69331-DCBB-46D5-B475-6BFD0F9048B3}" = Boson Exam Environment
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2357B8BC-88C9-4A72-818C-050CC4EB0778}" = AOL Install
"{2C1D09AC-88B3-465F-9EBF-B475602CDEB1}" = TSI
"{2C1D09AC-88B3-465F-9EBF-B475602CDEB1} Adobe Technical Communication Suite" = Adobe Technical Communication Suite
"{2E7B6B00-5ECD-49A1-8FD4-4B647C5D8027}" = Adobe Captivate 3
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{305AA0B5-6298-4C99-AEB5-8ED1F3D0E007}" = FMSuitePlugin
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{33AEC590-F2D8-4060-B01B-2C28AA9DB33D}" = Microsoft Office Visio 2003 Step by Step
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5E032B96-7756-45E4-B1C2-2ECC8C755912}" = Boson NetSim for CCNA 7.0
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
"{61838F4E-4C4E-4251-8689-C660199DA084}" = Adobe RoboHelp 7.0.1
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{7961C367-4C84-4B42-8642-3B3B021B5B8E}" = Adobe RoboHelp 7
"{7B4CA480-7321-4AD4-BED1-F7177671C37E}" = Adobe FrameMaker 8
"{7CF6E959-07C5-4F5B-AAEC-7406DFFDC20E}" = Adobe FrameMaker v7.2
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{8A6441D1-632B-4220-9A3E-E30BA10277A7}" = Adobe FrameMaker 8 p277 Patcher
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{9312E9B8-129A-4025-8F88-8A0581CC7C4C}" = RoboSource Control 3.1
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A55ACE70-01FA-4821-89A6-43CACF226ACF}" = Adobe RoboHelp 7.0.3
"{AC76BA86-1033-F400-7761-000000000003}" = Adobe Acrobat 3D version 8
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{C6A3F6EA-EAAD-49F0-8DDF-B2483D07B56B}" = Adobe FrameMaker 8 p273 Patcher
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{DA0BF7AB-88EB-4675-8FA1-531EAD938821}" = SnagIt 8
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7FEF7E8-DF29-4D3D-A1B3-4547E9CD77CE}" = Adobe RoboHelp 7.0.2
"{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}" = Yahoo! Music Jukebox
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FD022B2B-F1D9-4E27-851C-FFF260262E97}" = BIAS SoundSoap SE 2.1.1
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 3D version 8" = Adobe Acrobat 3D version 8.1.5
"Adobe Acrobat 3D version 8_815" = Adobe Acrobat 8.1.5 - CPSID_49013
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe FrameMaker 7.0" = Adobe FrameMaker v7.0
"Adobe RoboHelp 7" = Adobe RoboHelp 7
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Audacity_is1" = Audacity 1.2.6
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"CoffeeCup HTML Editor 2008" = CoffeeCup HTML Editor 2008
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.514
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{5E032B96-7756-45E4-B1C2-2ECC8C755912}" = Boson NetSim for CCNA 7.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"MSC" = McAfee SecurityCenter
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 6.0" = RealPlayer
"Route Dynamics" = Route Dynamics
"WillMaker" = WillMaker 7
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/27/2009 2:05:47 PM | Computer Name = siegeltuch-PC | Source = Perflib | ID = 1008
Description =

Error - 5/27/2009 2:05:48 PM | Computer Name = siegeltuch-PC | Source = Perflib | ID = 1008
Description =

Error - 5/27/2009 9:10:11 PM | Computer Name = siegeltuch-PC | Source = Perflib | ID = 1010
Description =

Error - 5/27/2009 9:10:12 PM | Computer Name = siegeltuch-PC | Source = Perflib | ID = 1008
Description =

Error - 5/28/2009 2:45:07 PM | Computer Name = siegeltuch-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/28/2009 10:25:04 PM | Computer Name = siegeltuch-PC | Source = EventSystem | ID = 4621
Description =

Error - 5/29/2009 10:38:09 AM | Computer Name = siegeltuch-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/29/2009 9:22:46 PM | Computer Name = siegeltuch-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/30/2009 12:05:38 PM | Computer Name = siegeltuch-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/30/2009 10:16:39 PM | Computer Name = siegeltuch-PC | Source = EventSystem | ID = 4622
Description =

[ Media Center Events ]
Error - 4/29/2009 11:34:11 PM | Computer Name = siegeltuch-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 5/16/2009 3:31:47 PM | Computer Name = siegeltuch-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/16/2009 3:31:48 PM | Computer Name = siegeltuch-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/16/2009 7:49:31 PM | Computer Name = siegeltuch-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/16/2009 7:49:31 PM | Computer Name = siegeltuch-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/16/2009 7:49:32 PM | Computer Name = siegeltuch-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/16/2009 7:49:33 PM | Computer Name = siegeltuch-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/16/2009 7:49:34 PM | Computer Name = siegeltuch-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/16/2009 7:49:35 PM | Computer Name = siegeltuch-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/16/2009 7:49:36 PM | Computer Name = siegeltuch-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/17/2009 3:57:14 PM | Computer Name = siegeltuch-PC | Source = HTTP | ID = 15016
Description =


< End of report >
Rorschach112
hi

Please download ATF Cleaner by Atribune.
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






Go to Kaspersky website and perform an online antivirus scan.
  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
Saint Louis
QUOTE(Rorschach112 @ Jun 4 2009, 11:40 AM) *
hi

Please download ATF Cleaner by Atribune.
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.

    Malwarebytes' Anti-Malware 1.37
    Database version: 2229
    Windows 6.0.6001 Service Pack 1

    6/4/2009 2:34:47 PM
    mbam-log-2009-06-04 (14-34-47).txt

    Scan type: Quick Scan
    Objects scanned: 75360
    Time elapsed: 3 minute(s), 31 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Go to Kaspersky website and perform an online antivirus scan.
  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

Rorschach112
use Fast Reply when posting

Do you have the Kaspersky log?
Saint Louis
No Malware was detected by Kaspersky. I haven't had any prompts from Ad Aware in a while, so it may have been removed. I'll restart and see what happens. If so, thanks again for the help.
Rorschach112
Your logs are clean


Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create. When the confirmation screen shows the restore point has been created, click Close.

Next go to Start Menu > Run > type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished, it will open the Disk Cleanup options screen. Click the More Options tab, then click Clean up on the system restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.



  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.


Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.



Below I have included a number of recommendations for how to protect your computer against malware infections.
  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
    secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
    blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
    Here


    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.

  • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

  • Please read my guide on how to prevent malware and about safe computing here
Thank you for your patience, and performing all of the procedures requested.
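
The hosts-file blocking described in the MVPS Hosts recommendation above, shown as an added example that is not part of the original post or of any tool named in the thread: it audits a HOSTS file, separating names sinkholed to the local machine from names pointed at another address. The sample file, the example.test names and all function names are constructed for illustration, and the lookup assumes the first matching entry wins.

```python
import ipaddress

# Constructed sample in HOSTS-file format (not taken from the thread).
SAMPLE_HOSTS = """\
# constructed sample for illustration
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.test  tracker.example.test   # blocked, MVPS style
0.0.0.0         popups.example.test
203.0.113.7     update.example.test     # name pointed at a remote address
not-an-ip       broken.example.test
"""

# Names that are expected to map to loopback and are not "blocks".
LOCAL_NAMES = {"localhost"}


def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in the file."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:                   # address with no hostname
            continue
        for name in fields[1:]:               # one address, many names
            yield line_no, fields[0], name.lower()


def classify(addr):
    """Return 'sinkhole', 'redirect' or 'invalid' for an address field."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "invalid"
    # 127.0.0.0/8, ::1 and 0.0.0.0/:: never leave the local machine.
    if ip.is_loopback or ip.is_unspecified:
        return "sinkhole"
    return "redirect"


def audit_hosts(text):
    """Group entries: blocked names, redirects worth reviewing, bad lines."""
    report = {"blocked": [], "redirected": [], "invalid": []}
    for line_no, addr, name in parse_hosts(text):
        kind = classify(addr)
        if kind == "invalid":
            report["invalid"].append((line_no, addr, name))
        elif kind == "sinkhole":
            if name not in LOCAL_NAMES:
                report["blocked"].append(name)
        else:
            # A non-local address is not a block: the name now resolves to
            # whatever host the file says, so it deserves a manual review.
            report["redirected"].append((line_no, name, addr))
    return report


def is_blocked(text, hostname):
    """True if hostname itself is sinkholed. HOSTS entries match exact
    names only, so a block on a domain does not cover its subdomains."""
    wanted = hostname.lower().rstrip(".")
    for _, addr, name in parse_hosts(text):
        if name == wanted:
            return classify(addr) == "sinkhole"   # first match wins (assumed)
    return False


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("blocked:   ", result["blocked"])
    print("redirected:", result["redirected"])
    print("invalid:   ", result["invalid"])
    print("www.ads.example.test blocked?",
          is_blocked(SAMPLE_HOSTS, "www.ads.example.test"))
```
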


Saint Louis
QUOTE(Rorschach112 @ Jun 4 2009, 10:29 PM) *
Your logs are clean
Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create. When the confirmation screen shows the restore point has been created, click Close.

Next go to Start Menu > Run > type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished, it will open the Disk Cleanup options screen. Click the More Options tab, then click Clean up on the system restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.
  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
Below I have included a number of recommendations for how to protect your computer against malware infections.
  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.
  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
    secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
    blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
    Here
    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.
  • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.
  • Please read my guide on how to prevent malware and about safe computing here
Thank you for your patience, and performing all of the procedures requested.


I'm afraid I spoke too soon. I restarted and got the old message. I'll take care of all the things listed here once I'm sure it's gone. A few questions:

It looks like Erunt is only for XP. Is this correct?
Spyware Blaster or Spyware Guard can be used with Ad Aware?
Rorschach112
What message? Does it say whereabouts it's found?


ERUNT works on Vista as well


Yes those two programs work with Ad-Aware
Saint Louis
QUOTE(Rorschach112 @ Jun 4 2009, 11:05 PM)
What message? Does it say whereabouts it's found?
ERUNT works on Vista as well
Yes those two programs work with Ad-Aware


The one I got originally. Process blocked. Win32TrojanDownloader Agent.

Ad Aware sends me this message every hour or so. I click OK. I think the Trojan reinstalls itself whenever I boot up. I had something like this several years ago and I had to go into safe mode and delete some files to get rid of it.
Rorschach112
If it doesn't give you a file path for it then ignore it
Saint Louis
QUOTE(Rorschach112 @ Jun 5 2009, 10:54 AM)
If it doesn't give you a file path for it then ignore it


Is this a false positive? The full message reads:

Ad-Watch Live has blocked the process rpcnet (4532) from starting on your system. This process has been identified as Win32TrojanDownloaderAgent.

I also got a message this morning that there was an attempt to change my IE Explorer default setting. (I don't use IE.)

viva
QUOTE(Saint Louis @ Jun 4 2009, 10:33 PM)
I'm afraid I spoke too soon. I restarted and got the old message. I'll take care of all the things listed here once I'm sure it's gone. A few questions:

It looks like Erunt is only for XP. Is this correct?
Spyware Blaster or Spyware Guard can be used with Ad Aware?


Is this the same as win32tr\.\kerdelf

How to remove?
Saint Louis
QUOTE(Rorschach112 @ Jun 5 2009, 10:54 AM)
If it doesn't give you a file path for it then ignore it


I'm a little confused at this point. I have followed the procedures outlined above and I am still getting the error message from Ad-Aware that says something is trying to execute rpcnet.exe. I get this message every hour or so. The original scan showed Win32TR/er Agent with a TAI of 10. I have had no problems using the machine nor have I encountered any access problems on the Internet or redirection. I do not use IE so that may be why. All the scans I ran show no problems as you can see above. Any suggestions?
Rorschach112
It must be a mistake, just ignore it
visitor
QUOTE(Saint Louis @ Jun 5 2009, 09:56 AM)
something is trying to execute rpcnet.exe. I get this message every hour or so.

This issue was supposed to be resolved a few days ago with definitions 0148.0042:

http://www.lavasoftsupport.com/index.php?s...mp;#entry105028
Rorschach112
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.

Everyone else please begin a New Topic.

Thank you!