
Hijacked?



#1
mojoanna1

Hi,
I have been having a problem with my laptop that is driving me nuts! Have been working on it for about a month but can't seem to fix it. My son went to some not so good websites and after that, I started having issues with re-direct viruses, lost my DVD driver so laptop doesn't see it any longer, and popups. I have tried to clean viruses off with Spybot, Malwarebytes, Norton, Hitman... nothing helps. I ran the HijackThis program and generated a log but don't understand it and what needs to be removed to fix it. Can someone help before I throw this thing out the window? I ran the log and here it is. Thank you for taking the time to look. I look forward to your response. Thanks so much.


Susanna


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:24:21 PM, on 8/19/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: beef8ad8 - {276C5A67-1916-DB0F-5D5B-4393787FB8CD} - (no file)
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\IPS\IPSBHO.DLL
O2 - BHO: Elf 1.15 Toolbar - {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - (no file)
O2 - BHO: BHO Project - {cbc5b60a-aa4d-45f6-84c2-d086f320299a} - C:\Program Files\Object\bho_project.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file)
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.appl...ex/qtplugin.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.h...tDetection2.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.c...loadControl.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11636 bytes


#2
Gammo

Hi,

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


#3
mojoanna1

Hi Gammo,
Thanks for looking at my log. I will do as you ask and post results. Thanks again!


Susanna

#4
mojoanna1

Hi Again! Here is the info you asked for. Hope I did it right! Thanks again for helping Gammo.

Susanna


OTL Extras logfile created on: 8/19/2011 7:19:30 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = c:\Users\CYA\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 49.81% Memory free
6.09 Gb Paging File | 4.74 Gb Available in Paging File | 77.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.05 Gb Total Space | 134.49 Gb Free Space | 60.84% Space Free | Partition Type: NTFS
Drive D: | 11.84 Gb Total Space | 2.00 Gb Free Space | 16.89% Space Free | Partition Type: NTFS

Computer Name: SKV | User Name: CYA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-856919484-758718920-2567828494-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-856919484-758718920-2567828494-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00935251-EDE3-42E3-9671-932A04839584}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0560A9A0-B87F-4736-A10B-FF6282A23448}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{08A500A0-73D2-49DC-BCD6-16EA3AB52710}" = rport=138 | protocol=17 | dir=out | app=system |
"{0E05FD4C-E060-4C78-95A5-B31E56EC6C01}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{140B7189-1064-4E6C-952E-0F5D01EF2BD6}" = lport=139 | protocol=6 | dir=in | app=system |
"{1C1755DB-0F6C-417F-AA0A-F6FE9F78324D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2BED2209-67A8-47C6-8733-8B719AA1E014}" = lport=138 | protocol=17 | dir=in | app=system |
"{35ECA00B-D892-4DEB-9393-10CCE3F890F6}" = rport=139 | protocol=6 | dir=out | app=system |
"{3A09C1C5-512D-4308-B4A6-D59C96F655A8}" = rport=445 | protocol=6 | dir=out | app=system |
"{494D96A8-5FC2-4418-9925-114869D885FA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{51997745-7262-4A79-B811-EFFB9C60CFB0}" = lport=445 | protocol=6 | dir=in | app=system |
"{61D5C99E-C19A-40BB-AF4F-AF1EF1B765A4}" = rport=137 | protocol=17 | dir=out | app=system |
"{7BC7FE03-BEE8-4351-AA90-D08D146D4100}" = lport=137 | protocol=17 | dir=in | app=system |
"{9D4B4930-2FA2-4E96-8F5E-08EB08078D7E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A52B9D47-FEE8-4748-ADDF-D2724F89E236}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{BB7C4640-7DE7-470E-9827-03573814E3BC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C41ABA97-89C2-4201-BEF6-26A1B2329D25}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E6F6FB1F-0F68-42AB-93D0-C0BF5E00E83E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F9104B9F-6487-4352-A803-785352ED7830}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017B9052-4885-4F82-8C87-3FD4B579629B}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{0899873C-2FE3-4B8F-BF67-37505FC391EB}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{08BE1058-67A4-4755-B9A6-12E331837E26}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0C0AE36E-0E4D-4D72-B323-16F8B9FD8616}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{10AE8740-C425-4055-B050-D2C8D8A914CE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{19C82F78-ADB6-4F18-A707-7C6BFBEA2F2E}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{24F97DBE-CFF3-4FE9-9C5F-4AEAA829CD25}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{28EDC14B-99C5-4DC4-A9A2-946AA504CA40}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{2BF17F72-D420-4EF4-AF7D-D5230D4CAB60}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3766594E-38CE-46AC-B9C8-794BEB11F99C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3D9FA2DC-CB1E-4974-9BCC-5AA5024A309B}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{3EB90608-F2D6-462D-8E6A-62CB8B73EC00}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{42C53CFD-1406-482D-B5ED-AE4F45221F35}" = protocol=58 | dir=in | [email protected],-28545 |
"{446972A3-80ED-478C-B560-F9ED04455FAB}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{4A5F6E80-5D0B-4958-8965-3EA5CCA14F1D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4BB3A1D0-A2CC-4556-8BF5-E748F13ED868}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{52781438-FEFE-488B-9FE0-F4A399356C1B}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{56F439D1-1C0D-430F-9E2F-22B993104D5A}" = protocol=58 | dir=out | [email protected],-28546 |
"{5AD1CA78-4043-4807-8DD5-27A7AC969269}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{652BE06B-E3B6-42A8-992E-164329AF3447}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{724EBD54-9766-48C4-9D1B-ACA678D78CC6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{742C6854-BB12-48F7-B98F-526314D9874A}" = protocol=6 | dir=out | app=system |
"{77C611B3-A5C7-435C-94F8-09BC1E5BECF0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{785844F4-5034-4D17-A928-04B0076A0DDA}" = dir=in | app=c:\windows\system32\avicap32.exe |
"{7EBDC63D-2F4A-43D7-BB61-B0D17EF264BE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7EF8235B-78F0-4E01-A704-1B54FACD99E3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8398D724-43C8-49CC-89F6-316D5D1F5573}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8704DBE3-7AF1-4862-AE7E-6EBFF187BA73}" = dir=in | app=c:\windows\system32\avicap32.exe |
"{89F187DB-E1F7-462A-8B0F-E989D00ED5BD}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{8D946153-734A-4AEF-937D-4AB324EB2A0F}" = protocol=1 | dir=in | [email protected],-28543 |
"{A134D469-740E-48C2-B273-D7F70A15C42E}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{A1EB99FB-F5C7-4F40-9FCB-D6A9372CA69C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A26F3BBA-987D-4F4B-8BAC-CDBB5D5AFE69}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{A4F615ED-D50A-4B37-A908-F6DAD8113AB0}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{B2B054C1-EC44-4EDD-BC94-112F91BB353F}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{B83A3F41-6563-48DB-9C69-8596C2E3164A}" = protocol=1 | dir=out | [email protected],-28544 |
"{BF5A3721-FD76-4323-B5D9-59C1CEC971CF}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{C70EB426-ACF4-41B3-93F9-3D6D685B1C7C}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{C7FD07AD-F834-4AE8-939B-5D137B1C71FB}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{D26F7E56-95A5-42EC-8C2E-988FCA6B0A6E}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{D553A188-F969-4177-A8DE-ADA0C35515C0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D6718E64-81DF-4475-B411-5A0CD015F75F}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{D7B0DA6F-8D96-4116-9472-AC7645B0A339}" = dir=in | app=c:\windows\system32\avicap32.exe |
"{E44738A6-41AE-4037-BEE5-40311404BCC5}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{E4F830F4-5E72-4E2E-B4F0-102048384074}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EEBBA209-7816-4D74-9CC4-9FAABFA4E159}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{F34084EF-59AA-40AA-A436-19F090371469}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{D0FD675F-DD81-47AB-A1EF-01F6B7C843F5}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{D77B2D18-077B-46E3-91C3-83BE0617F288}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{FB250999-1F22-40DA-A900-138051D6BC7C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{FFC90451-BD76-47ED-93B2-A48CC0FEAD69}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{3284DA41-629C-40D2-B36A-8DC56D8227E1}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{8498229C-9559-4793-94EF-113982890A3A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{B8FE8450-85DD-412B-901A-8C80341EED05}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{C625AAC6-BF7D-4DF4-9DC7-077A94030D85}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.5500
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{082F8ABA-84D5-4837-9DFC-F365D91A07D4}" = HP Smart Web Printing
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1EABDDCB-B788-4FD2-BA76-23472D8DD1D6}" = EPSON Easy Photo Print
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 26
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E8DD348-4174-4fe8-8FDC-238AAFBD2488}" = HP Photosmart All-In-One Driver Software 9.0.A Corporate Edition
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{753757EB-D718-49FE-B234-AFD0740D10AB}" = Web Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{8347A7A5-4AB8-433F-82AA-496B0D189A9B}" = HP User Guides 0088
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{968161AB-DFAB-4E31-8729-14CA192B0988}" = Driver Medic
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A03848C5-77D2-457a-8404-A1D5A769C87F}" = ps_aio_02_corporate
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.5.864
"{A93762E6-8EA6-4E7F-9557-64E51AA3AB84}" = CASIO USB Driver V1.0.8003.1229
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3D1D696-84A8-465A-BC61-CDAC852B24CD}_is1" = Pod to PC 4.027
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"{EF0D2E55-6FE2-4e35-BE22-A742E85D84E3}" = PS_AIO_02_Software_min
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FDF64A37-4842-48CD-A424-2C38444D36FD}" = LG Android Drivers
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"conduitEngine" = Conduit Engine
"ENTERPRISE" = Microsoft Office Enterprise 2007
"facetheme" = Facetheme
"FTDICOMM" = FTDI USB Serial Converter Drivers
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HitmanPro35" = Hitman Pro 3.5
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"NAV" = Norton AntiVirus
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trusted Software Assistant_is1" = File Type Assistant
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.1
"WildTangent hp Master Uninstall" = HP Games
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-856919484-758718920-2567828494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/18/2011 10:51:51 PM | Computer Name = CYA | Source = Windows Search Service | ID = 3013
Description =

Error - 8/18/2011 10:51:52 PM | Computer Name = CYA | Source = Windows Search Service | ID = 3013
Description =

Error - 8/18/2011 10:51:52 PM | Computer Name = CYA | Source = Windows Search Service | ID = 3013
Description =

Error - 8/18/2011 10:51:53 PM | Computer Name = CYA | Source = Windows Search Service | ID = 3013
Description =

Error - 8/18/2011 10:51:53 PM | Computer Name = CYA | Source = Windows Search Service | ID = 3013
Description =

Error - 8/18/2011 10:51:54 PM | Computer Name = CYA | Source = Windows Search Service | ID = 3013
Description =

Error - 8/18/2011 10:51:54 PM | Computer Name = CYA | Source = Windows Search Service | ID = 3013
Description =

Error - 8/18/2011 10:51:55 PM | Computer Name = CYA | Source = Windows Search Service | ID = 3013
Description =

Error - 8/18/2011 10:51:55 PM | Computer Name = CYA | Source = Windows Search Service | ID = 3013
Description =

Error - 8/18/2011 10:51:57 PM | Computer Name = CYA | Source = Windows Search Service | ID = 3013
Description =

[ Media Center Events ]
Error - 3/19/2010 5:38:20 PM | Computer Name = CYA-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 3/8/2010 8:35:52 PM | Computer Name = CYA-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 41 seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/18/2010 12:21:18 AM | Computer Name = CYA-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 27 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/19/2011 3:30:03 PM | Computer Name = SKV | Source = Service Control Manager | ID = 7000
Description =

Error - 8/19/2011 3:30:17 PM | Computer Name = SKV | Source = Service Control Manager | ID = 7026
Description =

Error - 8/19/2011 3:31:54 PM | Computer Name = SKV | Source = DCOM | ID = 10010
Description =

Error - 8/19/2011 3:32:59 PM | Computer Name = SKV | Source = Service Control Manager | ID = 7011
Description =

Error - 8/19/2011 3:33:59 PM | Computer Name = SKV | Source = PNRPSvc | ID = 102
Description =

Error - 8/19/2011 3:33:59 PM | Computer Name = SKV | Source = Service Control Manager | ID = 7023
Description =

Error - 8/19/2011 3:44:16 PM | Computer Name = SKV | Source = WinDefend | ID = 2004
Description = %%827 has encountered an error trying to load signatures and will
attempt reverting back to a known-good set of signatures. Signatures Attempted: %%824

Error
Code: 0x8050a001 Error description: The program can't find definition files that
help detect unwanted software. Check for updates to the definition files, and then
try again. For information on installing updates, see Help and Support. Signatures
loading: %%825 Loading signature version: 1.111.35.0 Loading engine version: 1.1.7104.0

Error - 8/19/2011 4:48:27 PM | Computer Name = SKV | Source = DCOM | ID = 10005
Description =

Error - 8/19/2011 4:48:27 PM | Computer Name = SKV | Source = Service Control Manager | ID = 7009
Description =

Error - 8/19/2011 4:48:27 PM | Computer Name = SKV | Source = Service Control Manager | ID = 7000
Description =


< End of report >

#5
mojoanna1

Gammo,

Here is the 2nd list of info you asked for. Thank you.


Susanna




OTL logfile created on: 8/19/2011 7:19:30 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = c:\Users\CYA\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 49.81% Memory free
6.09 Gb Paging File | 4.74 Gb Available in Paging File | 77.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.05 Gb Total Space | 134.49 Gb Free Space | 60.84% Space Free | Partition Type: NTFS
Drive D: | 11.84 Gb Total Space | 2.00 Gb Free Space | 16.89% Space Free | Partition Type: NTFS

Computer Name: SKV | User Name: CYA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/19 19:10:32 | 000,580,096 | ---- | M] (OldTimer Tools) -- c:\Users\CYA\Downloads\OTL.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccsvchst.exe
PRC - [2010/06/01 11:17:48 | 005,252,408 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/01/20 22:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/09/05 16:09:54 | 001,620,520 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2007/09/05 16:09:54 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe


========== Modules (No Company Name) ==========

MOD - [2010/06/01 11:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/08/16 18:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/12/19 22:28:32 | 000,345,384 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2007/12/19 22:28:20 | 000,251,288 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2007/12/19 22:28:20 | 000,120,208 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2007/12/19 22:28:20 | 000,038,184 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll
MOD - [2007/12/19 22:27:04 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2007/09/05 16:03:06 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007/09/05 15:52:04 | 000,389,120 | ---- | M] () -- C:\WINDOWS\System32\btwhidcs.dll
MOD - [2007/08/14 15:43:46 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 13:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 13:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe -- (NAV)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/08/24 07:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/20 22:25:27 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\lpdsvc.dll -- (LPDSVC)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/05 13:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - [2011/08/19 15:38:32 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110819.007_2c8\navex15.sys -- (NAVEX15)
DRV - [2011/08/19 15:38:31 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110819.007_2c8\naveng.sys -- (NAVENG)
DRV - [2011/08/18 18:33:26 | 000,367,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110818.030_330\IDSvix86.sys -- (IDSVix86)
DRV - [2011/08/12 23:21:56 | 000,815,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110812.001_2b1\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/08/02 17:27:31 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/08/02 14:47:04 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/08/02 14:47:03 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\NAV\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 20:39:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NAV\1206000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NAV\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NAV\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/27 01:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NAV\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2009/06/24 06:08:00 | 007,542,208 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/03/04 02:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/12/06 16:40:14 | 000,761,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr)
DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/07/11 13:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/18 20:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/22 01:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 17:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 17:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/23 19:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/05/18 09:49:02 | 000,061,067 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2006/05/18 09:48:50 | 000,047,249 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ftdibus.sys -- (FTDIBUS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\..\URLSearchHook: {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - Reg Error: Key error. File not found


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9C A7 CD 01 83 2E 15 43 BE E6 AA 2D D6 07 10 B3 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9C A7 CD 01 83 2E 15 43 BE E6 AA 2D D6 07 10 B3 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9C A7 CD 01 83 2E 15 43 BE E6 AA 2D D6 07 10 B3 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9C A7 CD 01 83 2E 15 43 BE E6 AA 2D D6 07 10 B3 [binary data]

IE - HKU\S-1-5-21-856919484-758718920-2567828494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.facebook....home.php?ref=hp [binary data]
IE - HKU\S-1-5-21-856919484-758718920-2567828494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-856919484-758718920-2567828494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-856919484-758718920-2567828494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9C A7 CD 01 83 2E 15 43 BE E6 AA 2D D6 07 10 B3 [binary data]
IE - HKU\S-1-5-21-856919484-758718920-2567828494-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-856919484-758718920-2567828494-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..network.proxy.no_proxies_on: "localho,t,127.0.0.1,*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\CYA\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2011/08/19 19:23:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme [2011/08/11 01:49:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/19 15:43:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme [2011/08/11 01:49:12 | 000,000,000 | ---D | M]

[2011/06/20 15:18:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CYA\AppData\Roaming\Mozilla\Extensions
[2011/08/19 15:44:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\extensions
[2011/06/23 02:03:40 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\extensions\{3a1f32af-699d-45a9-a372-fb0efcb31408}
[2011/07/05 15:19:19 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\extensions\{3dfe2624-016f-4d63-b1d9-4a0ba4b76b07}
[2011/06/25 04:30:22 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\extensions\{45abb7f7-64a3-494d-b195-ca8481ac0e3f}
[2011/08/10 09:19:42 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2011/08/19 15:44:09 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/08/10 11:29:41 | 000,000,000 | ---D | M] (Burn4Free DB Toolbar) -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2011/08/10 09:19:44 | 000,002,263 | ---- | M] () -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\searchplugins\bing-zugo.xml
[2011/08/10 12:35:06 | 000,002,376 | ---- | M] () -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\searchplugins\search.xml
[2011/08/19 18:57:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/19 18:57:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/08/19 15:43:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/08/19 15:43:47 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File not found (No name found) --
[2011/08/11 01:49:12 | 000,000,000 | ---D | M] (FaceTheme - Change your Facebook layout!) -- C:\PROGRAM FILES\OBJECT\FACETHEME
[2011/08/19 19:23:17 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPLGN
[2011/06/16 00:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/11 04:15:30 | 000,395,221 | R--- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 13649 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {276C5A67-1916-DB0F-5D5B-4393787FB8CD} - No CLSID value found.
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - No CLSID value found.
O2 - BHO: (Facetheme) - {cbc5b60a-aa4d-45f6-84c2-d086f320299a} - C:\Program Files\Object\bho_project.dll (InternetEngine)
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No CLSID value found.
O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O3 - HKU\S-1-5-21-856919484-758718920-2567828494-1000\..\Toolbar\WebBrowser: (no name) - {22E03916-85C5-44B0-8DC9-1830C11238D9} - No CLSID value found.
O3 - HKU\S-1-5-21-856919484-758718920-2567828494-1000\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [HP Health Check Scheduler] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-856919484-758718920-2567828494-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-856919484-758718920-2567828494-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-856919484-758718920-2567828494-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-856919484-758718920-2567828494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-856919484-758718920-2567828494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\S-1-5-21-856919484-758718920-2567828494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-856919484-758718920-2567828494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.c...loadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\CYA\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\CYA\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/22 03:43:54 | 000,000,074 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{69a40c4c-8285-11df-8b68-81fbf97734d9}\Shell\AutoRun\command - "" = F:\Seagate\Installer\InstallSeagateManager.exe
O33 - MountPoints2\{69a40c4c-8285-11df-8b68-81fbf97734d9}\Shell\Install\command - "" = F:\Seagate\Installer\InstallSeagateManager.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/19 17:19:56 | 000,000,000 | ---D | C] -- C:\Users\CYA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/08/19 16:48:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/08/19 16:45:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/08/19 16:44:11 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2011/08/19 16:44:11 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/08/19 16:44:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011/08/19 16:44:03 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2011/08/19 15:43:59 | 000,000,000 | ---D | C] -- C:\Users\CYA\AppData\Roaming\Tific
[2011/08/19 15:41:47 | 000,000,000 | ---D | C] -- C:\Users\CYA\AppData\Local\Symantec
[2011/08/16 16:00:53 | 000,000,000 | ---D | C] -- C:\Users\CYA\Desktop\New Folder (2)
[2011/08/11 20:57:36 | 000,000,000 | ---D | C] -- C:\Users\CYA\AppData\Local\ElevatedDiagnostics
[2011/08/11 19:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2011/08/11 17:24:59 | 000,000,000 | ---D | C] -- C:\Users\CYA\AppData\Roaming\InstallShield
[2011/08/11 01:49:15 | 000,000,000 | ---D | C] -- C:\Users\CYA\AppData\Roaming\Systweak
[2011/08/11 01:49:11 | 000,000,000 | ---D | C] -- C:\Program Files\Object
[2011/08/11 01:49:07 | 000,017,280 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
[2011/08/11 01:45:46 | 000,000,000 | ---D | C] -- C:\Users\CYA\AppData\Roaming\.minecraft
[2011/08/10 12:00:37 | 000,000,000 | ---D | C] -- C:\Users\CYA\AppData\Local\CrashDumps
[2011/08/10 11:29:48 | 000,000,000 | ---D | C] -- C:\Users\CYA\AppData\Local\Minibar
[2011/08/10 11:29:38 | 000,000,000 | ---D | C] -- C:\Program Files\Burn4Free DB Toolbar
[2011/08/10 11:05:09 | 000,000,000 | ---D | C] -- C:\Users\CYA\AppData\Roaming\Blitware
[2011/08/10 11:05:04 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Robot
[2011/08/10 10:45:36 | 000,000,000 | ---D | C] -- C:\Users\CYA\AppData\Roaming\GlarySoft
[2011/08/10 10:43:31 | 000,000,000 | ---D | C] -- C:\Program Files\Glarysoft
[2011/08/10 10:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2011/08/10 09:39:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Boost
[2011/08/10 09:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\DriverBoost
[2011/08/10 09:19:40 | 000,000,000 | ---D | C] -- C:\Program Files\StartNow Toolbar
[2011/08/10 02:54:31 | 000,000,000 | ---D | C] -- C:\Users\CYA\AppData\Local\VS Revo Group
[2011/08/10 02:54:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2011/08/10 02:54:06 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/08/09 23:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\ASIO4ALL v2
[2011/08/09 23:45:16 | 000,000,000 | ---D | C] -- C:\Users\CYA\Documents\Image-Line
[2011/08/09 23:44:13 | 000,000,000 | ---D | C] -- C:\Program Files\Outsim
[2011/08/09 23:38:16 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line
[2011/08/04 23:25:44 | 000,000,000 | ---D | C] -- C:\Users\CYA\AppData\Local\PC_Drivers_Headquarters
[2011/08/04 23:25:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Medic
[2011/08/04 23:23:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Medic
[2011/08/04 23:23:30 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Medic
[2011/08/04 22:58:20 | 000,000,000 | ---D | C] -- C:\Users\CYA\Documents\DriverGenius
[2011/08/04 15:47:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/08/02 17:27:08 | 000,331,384 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1206000.01D\symtdiv.sys
[2011/08/02 17:27:07 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1206000.01D\symefa.sys
[2011/08/02 17:27:07 | 000,296,568 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1206000.01D\symnets.sys
[2011/08/02 17:27:06 | 000,340,088 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1206000.01D\symds.sys
[2011/08/02 17:27:06 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1206000.01D\srtspx.sys
[2011/08/02 17:27:05 | 000,516,216 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1206000.01D\srtsp.sys
[2011/08/02 17:27:05 | 000,136,312 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1206000.01D\ironx86.sys
[2011/08/02 17:24:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV\1206000.01D
[2011/08/02 14:16:14 | 000,126,584 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/08/02 14:16:14 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/08/02 14:14:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV
[2011/08/02 14:14:56 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
[2011/08/02 14:14:56 | 000,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2011/08/02 14:14:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/08/02 14:14:39 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/08/02 14:14:39 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/08/02 13:26:28 | 000,000,000 | ---D | C] -- C:\ProgramData\WinMaximizer
[2011/08/02 06:19:07 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011/07/31 11:19:55 | 000,000,000 | ---D | C] -- C:\Users\CYA\AppData\Local\Solid State Networks
[2011/07/27 17:18:28 | 003,325,832 | ---- | C] (Ask) -- C:\Program Files\Common Files\APNToolbarInstaller.exe
[2011/07/27 17:18:28 | 000,108,424 | ---- | C] (Ask.com) -- C:\Program Files\Common Files\APNStub.exe
[2011/07/27 12:55:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\~0
[2011/07/27 12:49:19 | 000,000,000 | ---D | C] -- C:\Program Files\Hard Disk Tune-Up
[2011/07/27 12:06:52 | 000,000,000 | ---D | C] -- C:\Users\CYA\AppData\Local\PackageAware
[2011/07/23 19:04:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP250 series
[2011/07/23 19:04:31 | 000,000,000 | -H-D | C] -- C:\Windows\System32\CanonIJ Uninstaller Information
[2011/07/23 19:04:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2010/03/23 20:53:47 | 002,131,336 | ---- | C] (Ask.com ) -- C:\Program Files\Common Files\AskToolbarInstaller.exe
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Users\CYA\Desktop\*.tmp files -> C:\Users\CYA\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/19 17:29:34 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/19 17:29:34 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/19 17:19:56 | 000,001,944 | ---- | M] () -- C:\Users\CYA\Desktop\HiJackThis.lnk
[2011/08/19 16:56:20 | 000,002,645 | ---- | M] () -- C:\Users\CYA\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2011/08/19 16:49:06 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/08/19 16:44:05 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011/08/19 16:44:05 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/08/19 16:21:14 | 000,267,624 | ---- | M] () -- C:\Users\CYA\Documents\Wounded Warrior Event.pdf
[2011/08/19 15:50:54 | 000,293,174 | ---- | M] () -- C:\Users\CYA\Documents\Attachments_2011_08_19.zip
[2011/08/19 15:43:55 | 000,000,870 | ---- | M] () -- C:\Users\CYA\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/19 15:43:54 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/19 15:36:06 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/19 15:36:06 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/19 15:33:31 | 000,000,258 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/08/19 15:30:36 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\WinMaximizer-CYA-Startup.job
[2011/08/19 15:29:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/19 15:29:20 | 3152,920,576 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/16 02:32:35 | 001,285,269 | ---- | M] () -- C:\Users\CYA\Desktop\untitled.mp3
[2011/08/11 19:22:31 | 000,006,944 | ---- | M] () -- C:\Users\CYA\AppData\Local\d3d9caps.dat
[2011/08/11 14:03:41 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/08/11 12:00:00 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\PerfectOptimizer_home.job
[2011/08/11 10:53:21 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/08/11 10:53:21 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/08/11 08:56:17 | 002,202,738 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1206000.01D\Cat.DB
[2011/08/11 04:00:00 | 000,000,224 | ---- | M] () -- C:\Windows\tasks\ARO 2011.job
[2011/08/10 21:28:17 | 000,000,943 | ---- | M] () -- C:\Users\CYA\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/10 21:17:36 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/08/10 21:17:36 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/08/10 21:17:23 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/08/10 19:39:45 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/08/04 23:43:40 | 000,002,128 | ---- | M] () -- C:\Users\Public\Desktop\Driver Medic.lnk
[2011/08/03 12:23:44 | 000,002,125 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2011/08/03 12:22:05 | 459,315,212 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/08/02 17:27:31 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/08/02 17:27:31 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/08/02 17:27:31 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/07/27 17:18:29 | 000,001,684 | ---- | M] () -- C:\Users\CYA\Application Data\Microsoft\Internet Explorer\Quick Launch\VDownloader.lnk
[2011/07/27 17:18:29 | 000,001,660 | ---- | M] () -- C:\Users\Public\Desktop\VDownloader.lnk
[2011/07/25 13:22:24 | 003,558,998 | ---- | M] () -- C:\Users\CYA\Desktop\Dr Dre - Murder Ink.mp3
[2011/07/25 01:05:36 | 006,555,930 | ---- | M] () -- C:\Users\CYA\Desktop\Mos Def - Summertime.mp3
[2011/07/25 01:03:46 | 006,503,894 | ---- | M] () -- C:\Users\CYA\Desktop\Mos Def- Sunshine.mp3
[2011/07/25 01:02:33 | 005,720,221 | ---- | M] () -- C:\Users\CYA\Desktop\Dre & Snoop Doggy Dog - aint nothing but a g-thang.mp3
[2011/07/25 01:01:24 | 005,290,141 | ---- | M] () -- C:\Users\CYA\Desktop\Dr. Dre -Ackrite.mp3
[2011/07/24 00:20:49 | 006,804,034 | ---- | M] () -- C:\Users\CYA\Desktop\RUFFNECK (FLEX) - SKRILLEX.mp3
[2011/07/24 00:16:00 | 007,084,275 | ---- | M] () -- C:\Users\CYA\Desktop\Feed Me - Strange Behaviour (ft. Tasha Baxter).mp3
[2011/07/23 04:01:13 | 004,367,287 | ---- | M] () -- C:\Users\CYA\Desktop\Doctor P - Sweet Shop (Friction vs Camo & Krooked Remix).mp3
[2011/07/23 03:58:01 | 200,486,951 | ---- | M] () -- C:\Users\CYA\Desktop\Skrillex - Rock n Roll (Will Take You to the Mountain).mp4
[2011/07/23 03:53:51 | 005,765,361 | ---- | M] () -- C:\Users\CYA\Desktop\'Still Gettin It' Foreign Beggars feat Skrillex.mp3
[2011/07/23 03:48:06 | 025,659,988 | ---- | M] () -- C:\Users\CYA\Desktop\FIRST OF THE YEAR (EQUINOX) - SKRILLEX.mp4
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Users\CYA\Desktop\*.tmp files -> C:\Users\CYA\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/19 17:19:56 | 000,001,944 | ---- | C] () -- C:\Users\CYA\Desktop\HiJackThis.lnk
[2011/08/19 16:56:20 | 000,002,645 | ---- | C] () -- C:\Users\CYA\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2011/08/19 16:49:05 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/08/19 16:49:04 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/08/19 16:44:05 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/08/19 16:44:04 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011/08/19 16:21:14 | 000,267,624 | ---- | C] () -- C:\Users\CYA\Documents\Wounded Warrior Event.pdf
[2011/08/19 16:17:05 | 000,293,174 | ---- | C] () -- C:\Users\CYA\Documents\Attachments_2011_08_19.zip
[2011/08/16 02:27:30 | 001,285,269 | ---- | C] () -- C:\Users\CYA\Desktop\untitled.mp3
[2011/08/11 10:53:21 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/08/11 10:53:21 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/08/10 21:47:55 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/10 21:28:16 | 000,000,943 | ---- | C] () -- C:\Users\CYA\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/10 21:17:23 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/08/04 23:23:44 | 000,002,128 | ---- | C] () -- C:\Users\Public\Desktop\Driver Medic.lnk
[2011/08/04 15:07:19 | 3152,920,576 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/03 12:22:05 | 459,315,212 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/08/03 12:21:13 | 002,202,738 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\Cat.DB
[2011/08/02 17:27:07 | 000,007,877 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\symnetv.cat
[2011/08/02 17:27:07 | 000,007,458 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\symnet.cat
[2011/08/02 17:27:07 | 000,001,474 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\symnetv.inf
[2011/08/02 17:27:07 | 000,001,446 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\symnet.inf
[2011/08/02 17:27:06 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\symefa.cat
[2011/08/02 17:27:06 | 000,007,454 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\srtspx.cat
[2011/08/02 17:27:06 | 000,003,373 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\symefa.inf
[2011/08/02 17:27:06 | 000,002,792 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\symds.inf
[2011/08/02 17:27:06 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\srtspx.inf
[2011/08/02 17:27:05 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\srtsp.cat
[2011/08/02 17:27:05 | 000,001,383 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\srtsp.inf
[2011/08/02 17:27:03 | 000,007,528 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\iron.cat
[2011/08/02 17:27:03 | 000,000,742 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\iron.inf
[2011/08/02 17:25:26 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\symds.cat
[2011/08/02 17:24:56 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\isolate.ini
[2011/08/02 14:16:14 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/08/02 14:16:14 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/08/02 14:15:53 | 000,002,125 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2011/08/02 13:26:36 | 000,000,304 | ---- | C] () -- C:\Windows\tasks\WinMaximizer-CYA-Startup.job
[2011/07/27 12:48:23 | 000,000,224 | ---- | C] () -- C:\Windows\tasks\ARO 2011.job
[2011/07/25 01:05:20 | 006,555,930 | ---- | C] () -- C:\Users\CYA\Desktop\Mos Def - Summertime.mp3
[2011/07/25 01:03:24 | 006,503,894 | ---- | C] () -- C:\Users\CYA\Desktop\Mos Def- Sunshine.mp3
[2011/07/25 01:02:17 | 005,720,221 | ---- | C] () -- C:\Users\CYA\Desktop\Dre & Snoop Doggy Dog - aint nothing but a g-thang.mp3
[2011/07/25 01:01:06 | 005,290,141 | ---- | C] () -- C:\Users\CYA\Desktop\Dr. Dre -Ackrite.mp3
[2011/07/25 00:57:54 | 003,558,998 | ---- | C] () -- C:\Users\CYA\Desktop\Dr Dre - Murder Ink.mp3
[2011/07/23 04:00:59 | 004,367,287 | ---- | C] () -- C:\Users\CYA\Desktop\Doctor P - Sweet Shop (Friction vs Camo & Krooked Remix).mp3
[2011/07/23 03:58:01 | 200,486,951 | ---- | C] () -- C:\Users\CYA\Desktop\Skrillex - Rock n Roll (Will Take You to the Mountain).mp4
[2011/07/23 03:55:18 | 007,084,275 | ---- | C] () -- C:\Users\CYA\Desktop\Feed Me - Strange Behaviour (ft. Tasha Baxter).mp3
[2011/07/23 03:53:30 | 005,765,361 | ---- | C] () -- C:\Users\CYA\Desktop\'Still Gettin It' Foreign Beggars feat Skrillex.mp3
[2011/07/23 03:50:23 | 006,804,034 | ---- | C] () -- C:\Users\CYA\Desktop\RUFFNECK (FLEX) - SKRILLEX.mp3
[2011/07/23 03:48:06 | 025,659,988 | ---- | C] () -- C:\Users\CYA\Desktop\FIRST OF THE YEAR (EQUINOX) - SKRILLEX.mp4
[2011/06/25 14:45:40 | 000,020,552 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/06/20 15:12:39 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/06/20 01:31:57 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe
[2011/06/16 15:52:20 | 000,009,912 | -HS- | C] () -- C:\Users\CYA\AppData\Local\yns151l07r0mvf4348t8vrbb763qw45h8
[2011/06/16 15:52:20 | 000,009,912 | -HS- | C] () -- C:\ProgramData\yns151l07r0mvf4348t8vrbb763qw45h8
[2011/06/13 09:01:39 | 000,000,060 | ---- | C] () -- C:\ProgramData\1e1cdd8a
[2011/05/27 21:42:06 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~45931164r
[2011/05/27 21:42:06 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~45931164
[2011/05/27 21:41:59 | 000,000,392 | -H-- | C] () -- C:\ProgramData\45931164
[2011/04/13 15:49:45 | 000,176,780 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/05/16 20:03:03 | 000,006,944 | ---- | C] () -- C:\Users\CYA\AppData\Local\d3d9caps.dat
[2010/03/16 20:29:11 | 000,000,171 | -H-- | C] () -- C:\Users\CYA\AppData\Local\rahistory.xml
[2009/10/08 20:30:01 | 000,130,920 | ---- | C] () -- C:\Windows\hpoins21.dat
[2009/10/08 20:30:01 | 000,008,252 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2009/09/24 06:51:17 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/24 06:51:17 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/11 21:25:10 | 000,000,078 | -H-- | C] () -- C:\Users\CYA\AppData\Roaming\wklnhst.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/31 23:03:37 | 000,013,312 | ---- | C] () -- C:\Users\CYA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/31 21:19:27 | 000,095,433 | -H-- | C] () -- C:\ProgramData\nvModes.001
[2009/07/31 20:49:09 | 000,095,433 | -H-- | C] () -- C:\ProgramData\nvModes.dat
[2009/07/31 17:08:49 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/22 04:40:04 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/08/22 04:36:25 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008/08/22 03:58:40 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/08/22 02:52:26 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/09/05 15:52:04 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,387,144 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/05/24 11:04:14 | 000,000,133 | ---- | C] () -- C:\Windows\System32\ftdiun2k.ini
[2006/05/24 10:40:42 | 000,188,416 | ---- | C] () -- C:\Windows\System32\ftdiunin.exe
[2006/03/09 05:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2001/11/14 16:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2011/08/11 01:55:38 | 000,000,000 | ---D | M] -- C:\Users\CYA\AppData\Roaming\.minecraft
[2010/10/31 12:48:00 | 000,000,000 | -H-D | M] -- C:\Users\CYA\AppData\Roaming\Amazon
[2011/04/19 09:40:19 | 000,000,000 | ---D | M] -- C:\Users\CYA\AppData\Roaming\AVG10
[2011/08/10 11:05:09 | 000,000,000 | ---D | M] -- C:\Users\CYA\AppData\Roaming\Blitware
[2010/01/03 15:20:54 | 000,000,000 | -H-D | M] -- C:\Users\CYA\AppData\Roaming\funkitron
[2011/08/10 10:45:36 | 000,000,000 | ---D | M] -- C:\Users\CYA\AppData\Roaming\GlarySoft
[2011/06/11 03:22:42 | 000,000,000 | ---D | M] -- C:\Users\CYA\AppData\Roaming\ICAClient
[2011/08/10 23:25:28 | 000,000,000 | ---D | M] -- C:\Users\CYA\AppData\Roaming\IObit
[2011/07/10 19:40:40 | 000,000,000 | ---D | M] -- C:\Users\CYA\AppData\Roaming\Macroplant, LLC
[2010/01/02 15:08:09 | 000,000,000 | -H-D | M] -- C:\Users\CYA\AppData\Roaming\Magic Academy
[2009/12/25 16:09:18 | 000,000,000 | ---D | M] -- C:\Users\CYA\AppData\Roaming\Oberonv1002
[2010/06/29 22:20:10 | 000,000,000 | -H-D | M] -- C:\Users\CYA\AppData\Roaming\PlayFirst
[2010/06/15 21:09:59 | 000,000,000 | -H-D | M] -- C:\Users\CYA\AppData\Roaming\Smith Micro
[2011/08/11 09:19:21 | 000,000,000 | ---D | M] -- C:\Users\CYA\AppData\Roaming\Systweak
[2009/08/11 21:25:26 | 000,000,000 | -H-D | M] -- C:\Users\CYA\AppData\Roaming\Template
[2011/08/19 15:43:59 | 000,000,000 | ---D | M] -- C:\Users\CYA\AppData\Roaming\Tific
[2010/06/14 20:03:17 | 000,000,000 | -H-D | M] -- C:\Users\CYA\AppData\Roaming\Titanium Gears
[2011/06/11 03:22:44 | 000,000,000 | ---D | M] -- C:\Users\CYA\AppData\Roaming\uTorrent
[2011/05/12 18:08:33 | 000,000,000 | -H-D | M] -- C:\Users\CYA\AppData\Roaming\VDownloader
[2009/08/08 19:10:35 | 000,000,000 | -H-D | M] -- C:\Users\CYA\AppData\Roaming\WildTangent
[2011/06/11 03:22:44 | 000,000,000 | ---D | M] -- C:\Users\Devon\AppData\Roaming\ICAClient
[2011/07/05 15:18:18 | 000,000,000 | ---D | M] -- C:\Users\Devon\AppData\Roaming\IObit
[2011/08/11 04:00:00 | 000,000,224 | ---- | M] () -- C:\Windows\Tasks\ARO 2011.job
[2011/08/11 12:00:00 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\PerfectOptimizer_home.job
[2011/08/11 14:03:41 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/08/19 15:30:36 | 000,000,304 | ---- | M] () -- C:\Windows\Tasks\WinMaximizer-CYA-Startup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:C8A26DAA
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:CF2C26D2

< End of report >

#6
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hi,

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\URLSearchHook: {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - Reg Error: Key error. File not found
    FF - prefs.js..browser.search.selectedEngine: "Search"
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme [2011/08/11 01:49:12 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme [2011/08/11 01:49:12 | 000,000,000 | ---D | M]
    [2011/06/23 02:03:40 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\extensions\{3a1f32af-699d-45a9-a372-fb0efcb31408}
    [2011/07/05 15:19:19 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\extensions\{3dfe2624-016f-4d63-b1d9-4a0ba4b76b07}
    [2011/06/25 04:30:22 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\extensions\{45abb7f7-64a3-494d-b195-ca8481ac0e3f}
    [2011/08/10 09:19:42 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
    [2011/08/10 11:29:41 | 000,000,000 | ---D | M] (Burn4Free DB Toolbar) -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
    [2011/08/10 09:19:44 | 000,002,263 | ---- | M] () -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\searchplugins\bing-zugo.xml
    [2011/08/10 12:35:06 | 000,002,376 | ---- | M] () -- C:\Users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\searchplugins\search.xml
    [2011/08/11 01:49:12 | 000,000,000 | ---D | M] (FaceTheme - Change your Facebook layout!) -- C:\PROGRAM FILES\OBJECT\FACETHEME
    O2 - BHO: (no name) - {276C5A67-1916-DB0F-5D5B-4393787FB8CD} - No CLSID value found.
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
    O2 - BHO: (no name) - {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - No CLSID value found.
    O2 - BHO: (Facetheme) - {cbc5b60a-aa4d-45f6-84c2-d086f320299a} - C:\Program Files\Object\bho_project.dll (InternetEngine)
    O3 - HKU\S-1-5-21-856919484-758718920-2567828494-1000\..\Toolbar\WebBrowser: (no name) - {22E03916-85C5-44B0-8DC9-1830C11238D9} - No CLSID value found.
    O3 - HKU\S-1-5-21-856919484-758718920-2567828494-1000\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
    [2011/08/11 01:49:15 | 000,000,000 | ---D | C] -- C:\Users\CYA\AppData\Roaming\Systweak
    [2011/08/11 01:49:11 | 000,000,000 | ---D | C] -- C:\Program Files\Object
    [2011/08/11 01:49:07 | 000,017,280 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
    [2011/08/10 11:29:48 | 000,000,000 | ---D | C] -- C:\Users\CYA\AppData\Local\Minibar
    [2011/08/10 11:29:38 | 000,000,000 | ---D | C] -- C:\Program Files\Burn4Free DB Toolbar
    [2011/08/10 11:05:09 | 000,000,000 | ---D | C] -- C:\Users\CYA\AppData\Roaming\Blitware
    [2011/08/10 11:05:04 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Robot
    [2011/08/10 09:39:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Boost
    [2011/08/10 09:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\DriverBoost
    [2011/08/10 09:19:40 | 000,000,000 | ---D | C] -- C:\Program Files\StartNow Toolbar
    [2011/08/04 23:25:44 | 000,000,000 | ---D | C] -- C:\Users\CYA\AppData\Local\PC_Drivers_Headquarters
    [2011/08/04 23:25:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Medic
    [2011/08/04 23:23:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Medic
    [2011/08/04 23:23:30 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Medic
    [2011/08/04 22:58:20 | 000,000,000 | ---D | C] -- C:\Users\CYA\Documents\DriverGenius
    [2011/08/02 13:26:28 | 000,000,000 | ---D | C] -- C:\ProgramData\WinMaximizer
    [2011/08/02 06:19:07 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
    [2011/07/27 12:55:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\~0
    [2011/07/27 12:49:19 | 000,000,000 | ---D | C] -- C:\Program Files\Hard Disk Tune-Up
    [2011/08/19 15:30:36 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\WinMaximizer-CYA-Startup.job
    [2011/08/11 12:00:00 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\PerfectOptimizer_home.job
    [2011/08/11 04:00:00 | 000,000,224 | ---- | M] () -- C:\Windows\tasks\ARO 2011.job
    [2011/08/04 23:43:40 | 000,002,128 | ---- | M] () -- C:\Users\Public\Desktop\Driver Medic.lnk
    [2011/06/16 15:52:20 | 000,009,912 | -HS- | C] () -- C:\Users\CYA\AppData\Local\yns151l07r0mvf4348t8vrbb763qw45h8
    [2011/06/16 15:52:20 | 000,009,912 | -HS- | C] () -- C:\ProgramData\yns151l07r0mvf4348t8vrbb763qw45h8
    [2011/06/13 09:01:39 | 000,000,060 | ---- | C] () -- C:\ProgramData\1e1cdd8a
    [2011/05/27 21:42:06 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~45931164r
    [2011/05/27 21:42:06 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~45931164
    [2011/05/27 21:41:59 | 000,000,392 | -H-- | C] () -- C:\ProgramData\45931164
    [2011/08/10 23:25:28 | 000,000,000 | ---D | M] -- C:\Users\CYA\AppData\Roaming\IObit
    [2011/07/05 15:18:18 | 000,000,000 | ---D | M] -- C:\Users\Devon\AppData\Roaming\IObit
    [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [2 C:\Users\CYA\Desktop\*.tmp files -> C:\Users\CYA\Desktop\*.tmp -> ]
    
    :Services
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{785844F4-5034-4D17-A928-04B0076A0DDA}"=-
    "{8704DBE3-7AF1-4862-AE7E-6EBFF187BA73}"=-
    "{D7B0DA6F-8D96-4116-9472-AC7645B0A339}"=-
    
    :Files
    ipconfig /flushdns /c
    c:\windows\system32\avicap32.exe
    C:\Program Files\Viewpoint
    C:\Program Files\Object
    C:\Program Files\ConduitEngine
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done





Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT!!! Save ComboFix.exe to your Desktop

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, and describe how your computer is running now.

#7
mojoanna1

    Member

  • Topic Starter
  • 30 posts
Ok Gammo, here is the log that was generated after running Combofix. Thanks for helping me with this nightmare! Susanna




ComboFix 11-08-19.02 - CYA 08/20/2011 12:01:04.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.1780 [GMT -4:00]
Running from: c:\users\CYA\Downloads\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-07-20 to 2011-08-20 )))))))))))))))))))))))))))))))
.
.
2011-08-20 16:15 . 2011-08-20 16:15 -------- d-----w- c:\users\Devon\AppData\Local\temp
2011-08-20 16:15 . 2011-08-20 16:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-20 14:33 . 2011-08-20 14:33 -------- d-----w- C:\_OTL
2011-08-20 13:44 . 2011-08-20 13:44 -------- d-----w- C:\4e4418e410e5bbd38ecce24d0852a8
2011-08-20 13:39 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{984336F8-2126-4FEF-A834-D0D5AA7DE15B}\mpengine.dll
2011-08-20 05:48 . 2011-08-20 05:48 -------- d-----w- c:\users\CYA\AppData\Local\uTorrent
2011-08-20 05:42 . 2011-08-20 05:43 -------- d-----w- c:\users\CYA\AppData\Local\VDownloader
2011-08-20 05:42 . 2011-08-20 05:42 -------- d-----w- c:\users\CYA\AppData\Roaming\VDownloader
2011-08-20 05:29 . 2011-08-20 05:29 -------- d-----w- c:\program files\Ask.com
2011-08-20 04:31 . 2011-08-20 04:31 -------- d-----w- c:\programdata\WeCareReminder
2011-08-20 04:30 . 2011-08-20 04:30 -------- d-----w- c:\users\CYA\AppData\Roaming\OpenCandy
2011-08-19 20:45 . 2011-08-19 20:45 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-08-19 20:44 . 2011-08-19 20:44 -------- d-----w- c:\programdata\McAfee
2011-08-19 20:44 . 2011-08-19 20:44 -------- d-----w- c:\program files\McAfee Security Scan
2011-08-19 19:43 . 2011-08-19 19:43 -------- d-----w- c:\users\CYA\AppData\Roaming\Tific
2011-08-19 19:41 . 2011-08-19 19:41 -------- d-----w- c:\users\CYA\AppData\Local\Symantec
2011-08-14 03:24 . 2011-08-20 17:22 -------- d-----w- c:\program files\VstPlugins
2011-08-14 03:24 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2011-08-12 00:57 . 2011-08-12 00:57 -------- d-----w- c:\users\CYA\AppData\Local\ElevatedDiagnostics
2011-08-11 23:13 . 2011-08-11 23:13 -------- d-----w- c:\programdata\LightScribe
2011-08-11 21:24 . 2011-08-11 21:24 -------- d-----w- c:\users\CYA\AppData\Roaming\InstallShield
2011-08-11 19:29 . 2011-08-11 19:29 319456 ----a-w- c:\windows\DIFxAPI.dll
2011-08-11 19:29 . 2011-08-20 17:11 -------- d-----w- c:\program files\Realtek
2011-08-11 19:29 . 2011-08-11 19:29 315392 ----a-w- c:\windows\HideWin.exe
2011-08-11 19:29 . 2007-07-26 05:09 520192 ----a-w- c:\windows\RtlExUpd.dll
2011-08-11 05:49 . 2011-08-11 13:19 -------- d-----w- c:\users\CYA\AppData\Roaming\Systweak
2011-08-11 05:49 . 2011-08-20 15:24 -------- d-----w- c:\program files\Object
2011-08-11 05:49 . 2011-06-16 17:24 17280 ----a-w- c:\windows\system32\roboot.exe
2011-08-11 05:45 . 2011-08-11 05:55 -------- d-----w- c:\users\CYA\AppData\Roaming\.minecraft
2011-08-11 00:45 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-10 16:00 . 2011-08-20 15:36 -------- d-----w- c:\users\CYA\AppData\Local\CrashDumps
2011-08-10 15:29 . 2011-08-10 15:29 -------- d-----w- c:\users\CYA\AppData\Local\Minibar
2011-08-10 15:29 . 2011-08-10 15:29 -------- d-----w- c:\program files\Burn4Free DB Toolbar
2011-08-10 15:05 . 2011-08-10 15:05 -------- d-----w- c:\users\CYA\AppData\Roaming\Blitware
2011-08-10 15:05 . 2011-08-10 15:05 -------- d-----w- c:\program files\Driver Robot
2011-08-10 14:45 . 2011-08-10 14:45 -------- d-----w- c:\users\CYA\AppData\Roaming\GlarySoft
2011-08-10 14:43 . 2011-08-10 14:43 -------- d-----w- c:\program files\Glarysoft
2011-08-10 14:41 . 2011-08-10 14:41 -------- d-----w- c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-08-10 13:39 . 2011-08-10 13:39 -------- d-----w- c:\programdata\Driver Boost
2011-08-10 13:37 . 2011-08-10 13:37 -------- d-----w- c:\program files\DriverBoost
2011-08-10 06:54 . 2011-08-10 06:54 -------- d-----w- c:\users\CYA\AppData\Local\VS Revo Group
2011-08-10 06:54 . 2011-08-10 06:54 -------- d-----w- c:\program files\VS Revo Group
2011-08-10 03:45 . 2011-08-20 17:22 -------- d-----w- c:\program files\ASIO4ALL v2
2011-08-10 03:44 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\system32\vorbis.acm
2011-08-10 03:44 . 2011-08-10 03:44 -------- d-----w- c:\program files\Outsim
2011-08-10 03:38 . 2011-08-10 03:45 -------- d-----w- c:\program files\Image-Line
2011-08-05 03:25 . 2011-08-05 03:25 -------- d-----w- c:\programdata\Driver Medic
2011-08-04 19:47 . 2011-08-04 19:47 -------- d-----w- c:\programdata\Kaspersky Lab
2011-08-02 18:16 . 2011-08-02 21:28 -------- d-----w- c:\program files\Symantec
2011-08-02 18:16 . 2011-08-02 21:27 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-08-02 18:14 . 2011-08-03 16:23 -------- d-----w- c:\windows\system32\drivers\NAV
2011-08-02 18:14 . 2011-08-02 18:14 -------- d-----w- c:\program files\Norton AntiVirus
2011-08-02 18:14 . 2011-08-02 18:17 -------- d-----w- c:\programdata\Norton
2011-08-02 18:14 . 2011-08-02 18:14 -------- d-----w- c:\program files\NortonInstaller
2011-08-02 17:26 . 2011-08-02 17:26 -------- d-----w- c:\programdata\WinMaximizer
2011-08-02 10:19 . 2011-08-02 10:19 -------- d-----w- c:\programdata\IObit
2011-07-31 15:19 . 2011-08-19 20:50 -------- d-----w- c:\users\CYA\AppData\Local\Solid State Networks
2011-07-27 21:18 . 2011-03-23 17:03 108424 ----a-w- c:\program files\Common Files\APNStub.exe
2011-07-27 21:18 . 2011-03-23 16:26 3325832 ----a-w- c:\program files\Common Files\APNToolbarInstaller.exe
2011-07-27 16:55 . 2011-08-10 14:41 -------- dc-h--w- c:\programdata\~0
2011-07-27 16:49 . 2011-08-04 18:23 -------- d-----w- c:\program files\Hard Disk Tune-Up
2011-07-27 16:06 . 2011-07-27 16:06 -------- d-----w- c:\users\CYA\AppData\Local\PackageAware
2011-07-23 23:04 . 2011-07-23 23:04 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2011-07-23 23:04 . 2011-07-23 23:04 -------- d--h--w- c:\programdata\CanonBJ
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 15:28 . 2011-06-25 18:45 20552 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-06-20 19:55 . 2011-06-13 12:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-14 00:03 . 2011-06-14 00:03 0 ---ha-w- c:\windows\system32\fwcfyzstca.tmp
2011-06-13 11:50 . 2011-06-13 11:50 0 ---ha-w- c:\windows\system32\yqysuydedo.tmp
2011-05-24 23:14 . 2009-10-03 10:33 222080 ----a-w- c:\windows\system32\MpSigStub.exe
2010-02-10 20:18 . 2010-03-24 00:53 2131336 ----a-w- c:\program files\Common Files\AskToolbarInstaller.exe
2010-01-26 15:11 . 2011-06-20 05:31 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
2011-04-14 16:26 . 2011-06-20 19:12 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 17:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngin0.dll
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-24 13601312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-24 92704]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-12-25 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-9-5 727592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-856919484-758718920-2567828494-1000]
"EnableNotificationsRef"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1206000.01D\SYMDS.SYS [2011-01-27 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1206000.01D\SYMEFA.SYS [2011-03-15 744568]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110812.001_e9a\BHDrvx86.sys [2011-08-13 815736]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110819.030_efc\IDSvix86.sys [2011-08-19 367736]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1206000.01D\Ironx86.SYS [2011-01-27 136312]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NAV\1206000.01D\SYMTDIV.SYS [2011-03-22 331384]
S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-08-02 105592]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
LPDService REG_MULTI_SZ LPDSVC
rsmsvcs REG_MULTI_SZ ntmssvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 21:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
FF - ProfilePath - c:\users\CYA\AppData\Roaming\Mozilla\Firefox\Profiles\8dzovbx9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{276C5A67-1916-DB0F-5D5B-4393787FB8CD} - (no file)
BHO-{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} - (no file)
WebBrowser-{22E03916-85C5-44B0-8DC9-1830C11238D9} - (no file)
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-HardDiskTune-Up_is1 - c:\program files\Hard Disk Tune-Up\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-20 12:18
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-856919484-758718920-2567828494-1000\Software\SecuROM\License information*]
"datasecu"=hex:5b,06,65,ef,36,9b,ad,92,57,e6,36,8c,cb,41,fe,6d,bd,dd,55,3c,19,
07,1c,73,a0,eb,ba,93,77,f7,92,b4,6e,b7,16,6b,15,e4,68,c7,2f,94,3d,92,26,a9,\
"rkeysecu"=hex:3f,c1,a9,54,1e,90,3b,e7,ce,88,78,fd,64,7c,bd,0f
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-08-20 12:35:16
ComboFix-quarantined-files.txt 2011-08-20 16:35
.
Pre-Run: 147,305,365,504 bytes free
Post-Run: 147,141,656,576 bytes free
.
- - End Of File - - 11C24AC03B96AE1BC0AEAE8694760D5D

#8
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hi,

Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    
    :Services
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{785844F4-5034-4D17-A928-04B0076A0DDA}"=-
    "{8704DBE3-7AF1-4862-AE7E-6EBFF187BA73}"=-
    "{D7B0DA6F-8D96-4116-9472-AC7645B0A339}"=-
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
    [-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    
    :Files
    ipconfig /flushdns /c
    c:\users\CYA\AppData\Roaming\OpenCandy
    c:\windows\system32\fwcfyzstca.tmp
    c:\windows\system32\yqysuydedo.tmp
    c:\program files\ConduitEngine
    c:\users\CYA\AppData\Roaming\Systweak
    c:\program files\Object
    c:\windows\system32\roboot.exe
    c:\users\CYA\AppData\Local\Minibar
    c:\program files\Burn4Free DB Toolbar
    c:\users\CYA\AppData\Roaming\Blitware
    c:\program files\Driver Robot
    c:\programdata\Driver Boost
    c:\program files\DriverBoost
    c:\programdata\Driver Medic
    c:\programdata\WinMaximizer
    c:\programdata\IObit
    c:\programdata\~0
    c:\program files\Hard Disk Tune-Up
    C:\Program Files\Viewpoint
    c:\windows\system32\avicap32.exe
    C:\Windows\System32\*.tmp
    C:\Users\CYA\Desktop\*.tmp
    C:\Program Files\StartNow Toolbar
    C:\Users\CYA\AppData\Local\PC_Drivers_Headquarters
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Medic
    C:\Program Files\Driver Medic
    C:\Users\CYA\Documents\DriverGenius
    C:\Windows\tasks\WinMaximizer-CYA-Startup.job
    C:\Windows\tasks\PerfectOptimizer_home.job
    C:\Windows\tasks\ARO 2011.job
    C:\Users\Public\Desktop\Driver Medic.lnk
    C:\Users\CYA\AppData\Local\yns151l07r0mvf4348t8vrbb763qw45h8
    C:\ProgramData\yns151l07r0mvf4348t8vrbb763qw45h8
    C:\ProgramData\1e1cdd8a
    C:\ProgramData\~45931164r
    C:\ProgramData\~45931164
    C:\ProgramData\45931164
    C:\Users\CYA\AppData\Roaming\IObit
    C:\Users\Devon\AppData\Roaming\IObit
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
    
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.





Run OTL again
  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window: OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it in your topic.


#9
mojoanna1

    Member

  • Topic Starter
  • 30 posts
Hey Gammo,
I did what you told me but I could not copy the log from OTM because it would only allow me to reboot. When the computer rebooted, I did what you said about going to *.log but notepad couldn't find any log. So I went ahead and did the OTL again and this is what it displayed in notepad. Thanks Susanna

OTL text

[2011/08/11 19:35:01 | 002,207,052 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1206000.01D\Cat.DB
[2011/08/11 19:22:31 | 000,006,944 | ---- | M] () -- C:\Users\CYA\AppData\Local\d3d9caps.dat
[2011/08/11 17:39:22 | 000,000,000 | RHS- | M] () -- C:\Windows\System32\drivers\103C_HP_cNB_Pavilion dv9700 Notebook PC_Y5335KV_0U_QCNF8303Q4Z_E480576-003_4A_I30D1_SQuanta_V85.26_F.34_T110322_WV3-2_L409_M3007_J250_7AMD_8F82_92.00_#090731_N10DE054C;168C001C_(FE694UA#ABA)_XMOBILE_CN10_Z.MRK
[2011/08/11 10:53:21 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/08/11 10:53:21 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/08/10 21:47:56 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/10 21:28:17 | 000,000,943 | ---- | M] () -- C:\Users\CYA\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/10 21:17:36 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/08/10 21:17:36 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/08/10 21:17:23 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/08/10 19:39:45 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/08/03 12:23:44 | 000,002,125 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2011/08/02 17:27:31 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/08/02 17:27:31 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/08/02 17:27:31 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/07/27 17:18:29 | 000,001,684 | ---- | M] () -- C:\Users\CYA\Application Data\Microsoft\Internet Explorer\Quick Launch\VDownloader.lnk
[2011/07/27 17:18:29 | 000,001,660 | ---- | M] () -- C:\Users\Public\Desktop\VDownloader.lnk
[2011/07/25 13:22:24 | 003,558,998 | ---- | M] () -- C:\Users\CYA\Desktop\Dr Dre - Murder Ink.mp3
[2011/07/25 01:05:36 | 006,555,930 | ---- | M] () -- C:\Users\CYA\Desktop\Mos Def - Summertime.mp3
[2011/07/25 01:03:46 | 006,503,894 | ---- | M] () -- C:\Users\CYA\Desktop\Mos Def- Sunshine.mp3
[2011/07/25 01:02:33 | 005,720,221 | ---- | M] () -- C:\Users\CYA\Desktop\Dre & Snoop Doggy Dog - aint nothing but a g-thang.mp3
[2011/07/25 01:01:24 | 005,290,141 | ---- | M] () -- C:\Users\CYA\Desktop\Dr. Dre -Ackrite.mp3
[2011/07/24 00:20:49 | 006,804,034 | ---- | M] () -- C:\Users\CYA\Desktop\RUFFNECK (FLEX) - SKRILLEX.mp3
[2011/07/24 00:16:00 | 007,084,275 | ---- | M] () -- C:\Users\CYA\Desktop\Feed Me - Strange Behaviour (ft. Tasha Baxter).mp3
[2011/07/23 04:01:13 | 004,367,287 | ---- | M] () -- C:\Users\CYA\Desktop\Doctor P - Sweet Shop (Friction vs Camo & Krooked Remix).mp3
[2011/07/23 03:58:01 | 200,486,951 | ---- | M] () -- C:\Users\CYA\Desktop\Skrillex - Rock n Roll (Will Take You to the Mountain).mp4
[2011/07/23 03:53:51 | 005,765,361 | ---- | M] () -- C:\Users\CYA\Desktop\'Still Gettin It' Foreign Beggars feat Skrillex.mp3
[2011/07/23 03:48:06 | 025,659,988 | ---- | M] () -- C:\Users\CYA\Desktop\FIRST OF THE YEAR (EQUINOX) - SKRILLEX.mp4
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Users\CYA\Desktop\*.tmp files -> C:\Users\CYA\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/20 14:55:21 | 000,001,189 | ---- | C] () -- C:\Users\CYA\Desktop\OTM.exe - Shortcut (2).lnk
[2011/08/20 14:55:06 | 000,002,211 | ---- | C] () -- C:\Users\CYA\Desktop\OTM.exe - Shortcut.lnk
[2011/08/20 14:50:57 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/08/20 11:53:04 | 000,001,228 | ---- | C] () -- C:\Users\CYA\Desktop\ComboFix (1) - Shortcut.lnk
[2011/08/20 11:08:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/08/20 11:08:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/08/20 11:08:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/08/20 11:08:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/08/20 11:08:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/08/20 01:42:26 | 000,000,174 | ---- | C] () -- C:\Users\Public\Desktop\Amazon.url
[2011/08/19 16:21:14 | 000,267,624 | ---- | C] () -- C:\Users\CYA\Documents\Wounded Warrior Event.pdf
[2011/08/19 16:17:05 | 000,293,174 | ---- | C] () -- C:\Users\CYA\Documents\Attachments_2011_08_19.zip
[2011/08/16 02:27:30 | 001,285,269 | ---- | C] () -- C:\Users\CYA\Desktop\untitled.mp3
[2011/08/13 23:28:10 | 000,000,935 | ---- | C] () -- C:\Users\CYA\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2011/08/13 23:24:52 | 000,000,939 | ---- | C] () -- C:\Users\Public\Desktop\FL Studio 10.lnk
[2011/08/11 17:39:22 | 000,000,000 | RHS- | C] () -- C:\Windows\System32\drivers\103C_HP_cNB_Pavilion dv9700 Notebook PC_Y5335KV_0U_QCNF8303Q4Z_E480576-003_4A_I30D1_SQuanta_V85.26_F.34_T110322_WV3-2_L409_M3007_J250_7AMD_8F82_92.00_#090731_N10DE054C;168C001C_(FE694UA#ABA)_XMOBILE_CN10_Z.MRK
[2011/08/11 15:30:08 | 000,000,553 | ---- | C] () -- C:\Windows\USetup.iss
[2011/08/11 10:53:21 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/08/11 10:53:21 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/08/10 21:47:55 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/10 21:28:16 | 000,000,943 | ---- | C] () -- C:\Users\CYA\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/10 21:17:23 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/08/04 15:07:19 | 3152,977,920 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/03 12:22:05 | 282,064,908 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/08/03 12:21:13 | 002,207,052 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\Cat.DB
[2011/08/02 17:27:07 | 000,007,877 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\symnetv.cat
[2011/08/02 17:27:07 | 000,007,458 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\symnet.cat
[2011/08/02 17:27:07 | 000,001,474 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\symnetv.inf
[2011/08/02 17:27:07 | 000,001,446 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\symnet.inf
[2011/08/02 17:27:06 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\symefa.cat
[2011/08/02 17:27:06 | 000,007,454 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\srtspx.cat
[2011/08/02 17:27:06 | 000,003,373 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\symefa.inf
[2011/08/02 17:27:06 | 000,002,792 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\symds.inf
[2011/08/02 17:27:06 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\srtspx.inf
[2011/08/02 17:27:05 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\srtsp.cat
[2011/08/02 17:27:05 | 000,001,383 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\srtsp.inf
[2011/08/02 17:27:03 | 000,007,528 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\iron.cat
[2011/08/02 17:27:03 | 000,000,742 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\iron.inf
[2011/08/02 17:25:26 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\symds.cat
[2011/08/02 17:24:56 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1206000.01D\isolate.ini
[2011/08/02 14:16:14 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/08/02 14:16:14 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/08/02 14:15:53 | 000,002,125 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2011/07/25 01:05:20 | 006,555,930 | ---- | C] () -- C:\Users\CYA\Desktop\Mos Def - Summertime.mp3
[2011/07/25 01:03:24 | 006,503,894 | ---- | C] () -- C:\Users\CYA\Desktop\Mos Def- Sunshine.mp3
[2011/07/25 01:02:17 | 005,720,221 | ---- | C] () -- C:\Users\CYA\Desktop\Dre & Snoop Doggy Dog - aint nothing but a g-thang.mp3
[2011/07/25 01:01:06 | 005,290,141 | ---- | C] () -- C:\Users\CYA\Desktop\Dr. Dre -Ackrite.mp3
[2011/07/25 00:57:54 | 003,558,998 | ---- | C] () -- C:\Users\CYA\Desktop\Dr Dre - Murder Ink.mp3
[2011/07/23 04:00:59 | 004,367,287 | ---- | C] () -- C:\Users\CYA\Desktop\Doctor P - Sweet Shop (Friction vs Camo & Krooked Remix).mp3
[2011/07/23 03:58:01 | 200,486,951 | ---- | C] () -- C:\Users\CYA\Desktop\Skrillex - Rock n Roll (Will Take You to the Mountain).mp4
[2011/07/23 03:55:18 | 007,084,275 | ---- | C] () -- C:\Users\CYA\Desktop\Feed Me - Strange Behaviour (ft. Tasha Baxter).mp3
[2011/07/23 03:53:30 | 005,765,361 | ---- | C] () -- C:\Users\CYA\Desktop\'Still Gettin It' Foreign Beggars feat Skrillex.mp3
[2011/07/23 03:50:23 | 006,804,034 | ---- | C] () -- C:\Users\CYA\Desktop\RUFFNECK (FLEX) - SKRILLEX.mp3
[2011/07/23 03:48:06 | 025,659,988 | ---- | C] () -- C:\Users\CYA\Desktop\FIRST OF THE YEAR (EQUINOX) - SKRILLEX.mp4
[2011/06/25 14:45:40 | 000,020,552 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/06/20 15:12:39 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/06/20 01:31:57 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe
[2011/06/16 15:52:20 | 000,009,912 | -HS- | C] () -- C:\Users\CYA\AppData\Local\yns151l07r0mvf4348t8vrbb763qw45h8
[2011/06/16 15:52:20 | 000,009,912 | -HS- | C] () -- C:\ProgramData\yns151l07r0mvf4348t8vrbb763qw45h8
[2011/06/13 09:01:39 | 000,000,060 | ---- | C] () -- C:\ProgramData\1e1cdd8a
[2011/05/27 21:42:06 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~45931164r
[2011/05/27 21:42:06 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~45931164
[2011/05/27 21:41:59 | 000,000,392 | -H-- | C] () -- C:\ProgramData\45931164
[2011/04/13 15:49:45 | 000,176,780 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/05/16 20:03:03 | 000,006,944 | ---- | C] () -- C:\Users\CYA\AppData\Local\d3d9caps.dat
[2010/03/16 20:29:11 | 000,000,171 | -H-- | C] () -- C:\Users\CYA\AppData\Local\rahistory.xml
[2009/10/08 20:30:01 | 000,130,920 | ---- | C] () -- C:\Windows\hpoins21.dat
[2009/10/08 20:30:01 | 000,008,252 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2009/09/24 06:51:17 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/24 06:51:17 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/11 21:25:10 | 000,000,078 | -H-- | C] () -- C:\Users\CYA\AppData\Roaming\wklnhst.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/31 23:03:37 | 000,013,312 | ---- | C] () -- C:\Users\CYA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/31 21:19:27 | 000,095,433 | -H-- | C] () -- C:\ProgramData\nvModes.001
[2009/07/31 20:49:09 | 000,095,433 | -H-- | C] () -- C:\ProgramData\nvModes.dat
[2009/07/31 17:08:49 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/22 04:40:04 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/08/22 04:36:25 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008/08/22 03:58:40 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/08/22 02:52:26 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/09/05 15:52:04 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,387,144 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/05/24 11:04:14 | 000,000,133 | ---- | C] () -- C:\Windows\System32\ftdiun2k.ini
[2006/05/24 10:40:42 | 000,188,416 | ---- | C] () -- C:\Windows\System32\ftdiunin.exe
[2006/03/09 05:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2001/11/14 16:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2011/08/11 01:55:38 | 000,000,000 | ---D | M] -- C:\Users\CYA\AppData\Roaming\.minecraft
[2010/10/31 12:48:00 | 000,000,000 | -H-D | M] -- C:\Users\CYA\AppData\Roaming\Amazon
[2011/04/19 09:40:19 | 000,000,000 | ---D | M] -- C:\Users\CYA\AppData\Roaming\AVG10
[2011/08/10 11:05:09 | 000,000,000 | ---D | M] -- C:\Users\CYA\AppData\Roaming\Blitware
[2010/01/03 15:20:54 | 000,000,000 | -H-D | M] -- C:\Users\CYA\AppData\Roaming\funkitron
[2011/08/10 10:45:36 | 000,000,000 | ---D | M] -- C:\Users\CYA\AppData\Roaming\GlarySoft
[2011/06/11 03:22:42 | 000,000,000 | ---D | M] -- C:\Users\CYA\AppData\Roaming\ICAClient
[2011/08/10 23:25:28 | 000,000,000 | ---D | M] -- C:\Users\CYA\AppData\Roaming\IObit
[2011/07/10 19:40:40 | 000,000,000 | ---D | M] -- C:\Users\CYA\AppData\Roaming\Macroplant, LLC
[2010/01/02 15:08:09 | 000,000,000 | -H-D | M] -- C:\Users\CYA\AppData\Roaming\Magic Academy
[2009/12/25 16:09:18 | 000,000,000 | ---D | M] -- C:\Users\CYA\AppData\Roaming\Oberonv1002
[2011/08/20 00:30:29 | 000,000,000 | ---D | M] -- C:\Users\CYA\AppData\Roaming\OpenCandy
[2010/06/29 22:20:10 | 000,000,000 | -H-D | M] -- C:\Users\CYA\AppData\Roaming\PlayFirst
[2010/06/15 21:09:59 | 000,000,000 | -H-D | M] -- C:\Users\CYA\AppData\Roaming\Smith Micro
[2011/08/11 09:19:21 | 000,000,000 | ---D | M] -- C:\Users\CYA\AppData\Roaming\Systweak
[2009/08/11 21:25:26 | 000,000,000 | -H-D | M] -- C:\Users\CYA\AppData\Roaming\Template
[2011/08/19 15:43:59 | 000,000,000 | ---D | M] -- C:\Users\CYA\AppData\Roaming\Tific
[2010/06/14 20:03:17 | 000,000,000 | -H-D | M] -- C:\Users\CYA\AppData\Roaming\Titanium Gears
[2011/08/20 13:23:14 | 000,000,000 | ---D | M] -- C:\Users\CYA\AppData\Roaming\uTorrent
[2011/08/20 01:42:36 | 000,000,000 | ---D | M] -- C:\Users\CYA\AppData\Roaming\VDownloader
[2009/08/08 19:10:35 | 000,000,000 | -H-D | M] -- C:\Users\CYA\AppData\Roaming\WildTangent
[2011/06/11 03:22:44 | 000,000,000 | ---D | M] -- C:\Users\Devon\AppData\Roaming\ICAClient
[2011/07/05 15:18:18 | 000,000,000 | ---D | M] -- C:\Users\Devon\AppData\Roaming\IObit
[2011/08/20 15:22:18 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:C8A26DAA
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:CF2C26D2

< End of report >


Extras.txt

OTL Extras logfile created on: 8/20/2011 3:30:35 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = c:\Users\CYA\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 59.55% Memory free
6.07 Gb Paging File | 4.94 Gb Available in Paging File | 81.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.05 Gb Total Space | 137.04 Gb Free Space | 62.00% Space Free | Partition Type: NTFS
Drive D: | 11.84 Gb Total Space | 2.00 Gb Free Space | 16.93% Space Free | Partition Type: NTFS

Computer Name: CYA | User Name: CYA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-856919484-758718920-2567828494-1000\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-856919484-758718920-2567828494-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00935251-EDE3-42E3-9671-932A04839584}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0560A9A0-B87F-4736-A10B-FF6282A23448}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{08A500A0-73D2-49DC-BCD6-16EA3AB52710}" = rport=138 | protocol=17 | dir=out | app=system |
"{0E05FD4C-E060-4C78-95A5-B31E56EC6C01}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{140B7189-1064-4E6C-952E-0F5D01EF2BD6}" = lport=139 | protocol=6 | dir=in | app=system |
"{1C1755DB-0F6C-417F-AA0A-F6FE9F78324D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2BED2209-67A8-47C6-8733-8B719AA1E014}" = lport=138 | protocol=17 | dir=in | app=system |
"{35ECA00B-D892-4DEB-9393-10CCE3F890F6}" = rport=139 | protocol=6 | dir=out | app=system |
"{3A09C1C5-512D-4308-B4A6-D59C96F655A8}" = rport=445 | protocol=6 | dir=out | app=system |
"{494D96A8-5FC2-4418-9925-114869D885FA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{51997745-7262-4A79-B811-EFFB9C60CFB0}" = lport=445 | protocol=6 | dir=in | app=system |
"{61D5C99E-C19A-40BB-AF4F-AF1EF1B765A4}" = rport=137 | protocol=17 | dir=out | app=system |
"{7BC7FE03-BEE8-4351-AA90-D08D146D4100}" = lport=137 | protocol=17 | dir=in | app=system |
"{9D4B4930-2FA2-4E96-8F5E-08EB08078D7E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A52B9D47-FEE8-4748-ADDF-D2724F89E236}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{BB7C4640-7DE7-470E-9827-03573814E3BC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C41ABA97-89C2-4201-BEF6-26A1B2329D25}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E6F6FB1F-0F68-42AB-93D0-C0BF5E00E83E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F9104B9F-6487-4352-A803-785352ED7830}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017B9052-4885-4F82-8C87-3FD4B579629B}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{0899873C-2FE3-4B8F-BF67-37505FC391EB}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{08BE1058-67A4-4755-B9A6-12E331837E26}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0C0AE36E-0E4D-4D72-B323-16F8B9FD8616}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{10AE8740-C425-4055-B050-D2C8D8A914CE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{19C82F78-ADB6-4F18-A707-7C6BFBEA2F2E}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{24F97DBE-CFF3-4FE9-9C5F-4AEAA829CD25}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{28EDC14B-99C5-4DC4-A9A2-946AA504CA40}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{2BF17F72-D420-4EF4-AF7D-D5230D4CAB60}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3766594E-38CE-46AC-B9C8-794BEB11F99C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{392F0E1F-13FD-4F43-9992-03C533309E10}" = protocol=17 | dir=in | app=c:\users\cya\appdata\local\microsoft\windows\temporary internet files\content.ie5\3iuv0so7\cnet_ccsetup309_exe.exe |
"{3D9FA2DC-CB1E-4974-9BCC-5AA5024A309B}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{3EB90608-F2D6-462D-8E6A-62CB8B73EC00}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{42C53CFD-1406-482D-B5ED-AE4F45221F35}" = protocol=58 | dir=in | [email protected],-28545 |
"{446972A3-80ED-478C-B560-F9ED04455FAB}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{4A5F6E80-5D0B-4958-8965-3EA5CCA14F1D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4BB3A1D0-A2CC-4556-8BF5-E748F13ED868}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{52781438-FEFE-488B-9FE0-F4A399356C1B}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{56F439D1-1C0D-430F-9E2F-22B993104D5A}" = protocol=58 | dir=out | [email protected],-28546 |
"{5AD1CA78-4043-4807-8DD5-27A7AC969269}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{5EEB6AF2-FC26-4FA1-B8C6-4477C723F593}" = protocol=6 | dir=in | app=c:\users\cya\appdata\local\microsoft\windows\temporary internet files\content.ie5\3iuv0so7\cnet_ccsetup309_exe.exe |
"{652BE06B-E3B6-42A8-992E-164329AF3447}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{724EBD54-9766-48C4-9D1B-ACA678D78CC6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{742C6854-BB12-48F7-B98F-526314D9874A}" = protocol=6 | dir=out | app=system |
"{77C611B3-A5C7-435C-94F8-09BC1E5BECF0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{785844F4-5034-4D17-A928-04B0076A0DDA}" = dir=in | app=c:\windows\system32\avicap32.exe |
"{7EBDC63D-2F4A-43D7-BB61-B0D17EF264BE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7EF8235B-78F0-4E01-A704-1B54FACD99E3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8398D724-43C8-49CC-89F6-316D5D1F5573}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8704DBE3-7AF1-4862-AE7E-6EBFF187BA73}" = dir=in | app=c:\windows\system32\avicap32.exe |
"{89F187DB-E1F7-462A-8B0F-E989D00ED5BD}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{8D946153-734A-4AEF-937D-4AB324EB2A0F}" = protocol=1 | dir=in | [email protected],-28543 |
"{A134D469-740E-48C2-B273-D7F70A15C42E}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{A1EB99FB-F5C7-4F40-9FCB-D6A9372CA69C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A26F3BBA-987D-4F4B-8BAC-CDBB5D5AFE69}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{A4F615ED-D50A-4B37-A908-F6DAD8113AB0}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{B2B054C1-EC44-4EDD-BC94-112F91BB353F}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{B83A3F41-6563-48DB-9C69-8596C2E3164A}" = protocol=1 | dir=out | [email protected],-28544 |
"{BF5A3721-FD76-4323-B5D9-59C1CEC971CF}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{C70EB426-ACF4-41B3-93F9-3D6D685B1C7C}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{C7FD07AD-F834-4AE8-939B-5D137B1C71FB}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{D26F7E56-95A5-42EC-8C2E-988FCA6B0A6E}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{D553A188-F969-4177-A8DE-ADA0C35515C0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D6718E64-81DF-4475-B411-5A0CD015F75F}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{D7B0DA6F-8D96-4116-9472-AC7645B0A339}" = dir=in | app=c:\windows\system32\avicap32.exe |
"{E44738A6-41AE-4037-BEE5-40311404BCC5}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{E4F830F4-5E72-4E2E-B4F0-102048384074}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EEBBA209-7816-4D74-9CC4-9FAABFA4E159}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{F34084EF-59AA-40AA-A436-19F090371469}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{D0FD675F-DD81-47AB-A1EF-01F6B7C843F5}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{D77B2D18-077B-46E3-91C3-83BE0617F288}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{FB250999-1F22-40DA-A900-138051D6BC7C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{FFC90451-BD76-47ED-93B2-A48CC0FEAD69}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{3284DA41-629C-40D2-B36A-8DC56D8227E1}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{8498229C-9559-4793-94EF-113982890A3A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{B8FE8450-85DD-412B-901A-8C80341EED05}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{C625AAC6-BF7D-4DF4-9DC7-077A94030D85}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.5500
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{082F8ABA-84D5-4837-9DFC-F365D91A07D4}" = HP Smart Web Printing
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1EABDDCB-B788-4FD2-BA76-23472D8DD1D6}" = EPSON Easy Photo Print
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 20
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E8DD348-4174-4fe8-8FDC-238AAFBD2488}" = HP Photosmart All-In-One Driver Software 9.0.A Corporate Edition
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{753757EB-D718-49FE-B234-AFD0740D10AB}" = Web Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{8347A7A5-4AB8-433F-82AA-496B0D189A9B}" = HP User Guides 0088
"{865DB1C9-D5E4-408B-B37D-9927E605BD2D}" = ESU for Microsoft Vista
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A03848C5-77D2-457a-8404-A1D5A769C87F}" = ps_aio_02_corporate
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.5.864
"{A93762E6-8EA6-4E7F-9557-64E51AA3AB84}" = CASIO USB Driver V1.0.8003.1229
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.0
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3D1D696-84A8-465A-BC61-CDAC852B24CD}_is1" = Pod to PC 4.027
"{D8BB6920-8328-41CD-B71F-9B52EAD9287A}" = SP39415-x86
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"{EF0D2E55-6FE2-4e35-BE22-A742E85D84E3}" = PS_AIO_02_Software_min
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{FDF64A37-4842-48CD-A424-2C38444D36FD}" = LG Android Drivers
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"ASIO4ALL" = ASIO4ALL
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"conduitEngine" = Conduit Engine
"ENTERPRISE" = Microsoft Office Enterprise 2007
"facetheme" = Facetheme
"FL Studio 10" = FL Studio 10
"FTDICOMM" = FTDI USB Serial Converter Drivers
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"IL Download Manager" = IL Download Manager
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"NAV" = Norton AntiVirus
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trusted Software Assistant_is1" = File Type Assistant
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.1
"WildTangent hp Master Uninstall" = HP Games
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-856919484-758718920-2567828494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/20/2011 10:10:29 AM | Computer Name = CYA | Source = Windows Search Service | ID = 3013
Description =

Error - 8/20/2011 10:10:29 AM | Computer Name = CYA | Source = Windows Search Service | ID = 3013
Description =

Error - 8/20/2011 10:11:01 AM | Computer Name = CYA | Source = Windows Search Service | ID = 3013
Description =

Error - 8/20/2011 10:11:01 AM | Computer Name = CYA | Source = Windows Search Service | ID = 3013
Description =

Error - 8/20/2011 10:11:01 AM | Computer Name = CYA | Source = Windows Search Service | ID = 3013
Description =

Error - 8/20/2011 10:11:01 AM | Computer Name = CYA | Source = Windows Search Service | ID = 3013
Description =

Error - 8/20/2011 10:25:11 AM | Computer Name = CYA | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Users\CYA\Downloads\HitmanPro35_x64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/20/2011 10:35:48 AM | Computer Name = CYA | Source = WinMgmt | ID = 10
Description =

Error - 8/20/2011 11:16:30 AM | Computer Name = CYA | Source = Application Error | ID = 1000
Description = Faulting application PEV.exe, version 0.0.0.0, time stamp 0x4e06cfe8,
faulting module PEV.exe, version 0.0.0.0, time stamp 0x4e06cfe8, exception code
0x40000015, fault offset 0x0008d1c0, process id 0x13f4, application start time 0x01cc5f4c230669e3.

Error - 8/20/2011 11:31:12 AM | Computer Name = CYA | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 3/19/2010 5:38:20 PM | Computer Name = CYA-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 3/8/2010 8:35:52 PM | Computer Name = CYA-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 41 seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/18/2010 12:21:18 AM | Computer Name = CYA-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 27 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/20/2011 3:09:16 PM | Computer Name = CYA | Source = Service Control Manager | ID = 7034
Description =

Error - 8/20/2011 3:11:24 PM | Computer Name = CYA | Source = Service Control Manager | ID = 7000
Description =

Error - 8/20/2011 3:11:26 PM | Computer Name = CYA | Source = Service Control Manager | ID = 7026
Description =

Error - 8/20/2011 3:14:43 PM | Computer Name = CYA | Source = PNRPSvc | ID = 102
Description =

Error - 8/20/2011 3:14:43 PM | Computer Name = CYA | Source = Service Control Manager | ID = 7023
Description =

Error - 8/20/2011 3:22:09 PM | Computer Name = CYA | Source = Service Control Manager | ID = 7034
Description =

Error - 8/20/2011 3:24:23 PM | Computer Name = CYA | Source = Service Control Manager | ID = 7000
Description =

Error - 8/20/2011 3:24:24 PM | Computer Name = CYA | Source = Service Control Manager | ID = 7026
Description =

Error - 8/20/2011 3:26:25 PM | Computer Name = CYA | Source = PNRPSvc | ID = 102
Description =

Error - 8/20/2011 3:26:25 PM | Computer Name = CYA | Source = Service Control Manager | ID = 7023
Description =


< End of report >
  • 0

#10
Gammo

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hi,

For some reason a bunch of files and folders won't be deleted. Let's try another method.

1. Please download The Avenger by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
c:\windows\system32\fwcfyzstca.tmp
c:\windows\system32\yqysuydedo.tmp
c:\windows\system32\roboot.exe
c:\windows\system32\avicap32.exe
C:\Windows\System32\*.tmp
C:\Users\CYA\Desktop\*.tmp
C:\Windows\tasks\WinMaximizer-CYA-Startup.job
C:\Windows\tasks\PerfectOptimizer_home.job
C:\Windows\tasks\ARO 2011.job
C:\Users\Public\Desktop\Driver Medic.lnk
C:\Users\CYA\AppData\Local\yns151l07r0mvf4348t8vrbb763qw45h8
C:\ProgramData\yns151l07r0mvf4348t8vrbb763qw45h8
C:\ProgramData\1e1cdd8a
C:\ProgramData\~45931164r
C:\ProgramData\~45931164
C:\ProgramData\45931164

Folders to delete:
c:\users\CYA\AppData\Roaming\OpenCandy
c:\program files\ConduitEngine
c:\users\CYA\AppData\Roaming\Systweak
c:\program files\Object
c:\users\CYA\AppData\Local\Minibar
c:\program files\Burn4Free DB Toolbar
c:\users\CYA\AppData\Roaming\Blitware
c:\program files\Driver Robot
c:\programdata\Driver Boost
c:\program files\DriverBoost
c:\programdata\Driver Medic
c:\programdata\WinMaximizer
c:\programdata\IObit
c:\programdata\~0
c:\program files\Hard Disk Tune-Up
C:\Program Files\Viewpoint
C:\Program Files\StartNow Toolbar
C:\Users\CYA\AppData\Local\PC_Drivers_Headquarters
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Medic
C:\Program Files\Driver Medic
C:\Users\CYA\Documents\DriverGenius
C:\Users\CYA\AppData\Roaming\IObit
C:\Users\Devon\AppData\Roaming\IObit

Registry keys to delete:
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}

Registry values to delete:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {785844F4-5034-4D17-A928-04B0076A0DDA}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8704DBE3-7AF1-4862-AE7E-6EBFF187BA73}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D7B0DA6F-8D96-4116-9472-AC7645B0A339}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser | {30F9B915-B755-4826-820B-08FBA6BD249D}

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of The Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.





Run OTL again
  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it in your topic.

  • 0



#11
mojoanna1

mojoanna1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Gammo,
It does not offer extract all... It only offers extract and replace or extract and update. There were no prompts. Only update and overwrite modes.
  • 0

#12
Gammo

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Try extract and replace then. If it gives you an avenger.exe file it's OK.
  • 0

#13
mojoanna1

mojoanna1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Gammo, I selected extract and replace and the box goes away and nothing happens. If I open it back up, it has defaulted back to extract and update. If I right click on the avenger program with the picture of the sword, a window pops up and tells me this program can damage the kernels in my computer if I don't know what I am doing....which I don't. Help!
  • 0

#14
Gammo

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
http://swandog46.gee...er2/avenger.exe

Try this download link. This one doesn't require extracting.
  • 0

#15
mojoanna1

mojoanna1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Ok Gammo, this is what the log said. I had to break it down because it needed it in command directive form. Hope I did it right. Thanks for your patience. Susanna



//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6002, Service Pack 2)
Sat Aug 20 18:00:30 2011

18:00:29: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6002, Service Pack 2)
Sat Aug 20 18:11:26 2011

18:11:26: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6002, Service Pack 2)
Sat Aug 20 18:12:54 2011

18:12:54: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6002, Service Pack 2)
Sat Aug 20 18:19:21 2011

18:19:14: Error: Invalid syntax in command:
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\"
Skipping line. (Registry value deletion mode)
18:19:21: Error: Execution aborted by user!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6002, Service Pack 2)
Sat Aug 20 18:22:04 2011

18:21:03: Error: Invalid syntax in command:
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\"
Skipping line. (Registry value deletion mode)
18:21:08: Error: Invalid registry syntax in command:
"FirewallRules|{785844F4-5034-4D17-A928-04B0076A0DDA}"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line. (Registry value deletion mode)
18:21:22: Warning: Skipping potentially dangerous line:
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{8704DBE3-7AF1-4862-AE7E-6EBFF187BA73}" (Registry value deletion mode)
18:21:49: Warning: Skipping potentially dangerous line:
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{D7B0DA6F-8D96-4116-9472-AC7645B0A339}" (Registry value deletion mode)
18:21:52: Error: Invalid registry syntax in command:
"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser|{30F9B915-B755-4826-820B-08FBA6BD249D}"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line. (Registry value deletion mode)


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\windows\system32\fwcfyzstca.tmp" deleted successfully.
File "c:\windows\system32\yqysuydedo.tmp" deleted successfully.
File "c:\windows\system32\roboot.exe" deleted successfully.

Error: file "c:\windows\system32\avicap32.exe" not found!
Deletion of file "c:\windows\system32\avicap32.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open file "C:\Windows\System32\*.tmp"
Deletion of file "C:\Windows\System32\*.tmp" failed!
Status: 0xc0000033 (STATUS_OBJECT_NAME_INVALID)
--> an object cannot have this name


Error: could not open file "C:\Users\CYA\Desktop\*.tmp"
Deletion of file "C:\Users\CYA\Desktop\*.tmp" failed!
Status: 0xc0000033 (STATUS_OBJECT_NAME_INVALID)
--> an object cannot have this name


Error: file "C:\Windows\tasks\WinMaximizer-" not found!
Deletion of file "C:\Windows\tasks\WinMaximizer-" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Windows\tasks\PerfectOptimizer_home.job" not found!
Deletion of file "C:\Windows\tasks\PerfectOptimizer_home.job" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Windows\tasks\ARO 2011.job" not found!
Deletion of file "C:\Windows\tasks\ARO 2011.job" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Users\Public\Desktop\Driver Medic.lnk" not found!
Deletion of file "C:\Users\Public\Desktop\Driver Medic.lnk" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\Users\CYA\AppData\Local\yns151l07r0mvf4348t8vrbb763qw45h8" deleted successfully.
File "C:\ProgramData\yns151l07r0mvf4348t8vrbb763qw45h8" deleted successfully.
File "C:\ProgramData\1e1cdd8a" deleted successfully.
File "C:\ProgramData\~45931164r" deleted successfully.
File "C:\ProgramData\~45931164" deleted successfully.
File "C:\ProgramData\45931164" deleted successfully.
Folder "c:\users\CYA\AppData\Roaming\OpenCandy" deleted successfully.
Folder "c:\program files\ConduitEngine" deleted successfully.
Folder "c:\users\CYA\AppData\Roaming\Systweak" deleted successfully.
Folder "c:\program files\Object" deleted successfully.
Folder "c:\users\CYA\AppData\Local\Minibar" deleted successfully.
Folder "c:\program files\Burn4Free DB Toolbar" deleted successfully.
Folder "c:\users\CYA\AppData\Roaming\Blitware" deleted successfully.
Folder "c:\program files\Driver Robot" deleted successfully.
Folder "c:\programdata\Driver Boost" deleted successfully.
Folder "c:\program files\DriverBoost" deleted successfully.
Folder "c:\programdata\Driver Medic" deleted successfully.
Folder "c:\programdata\WinMaximizer" deleted successfully.
Folder "c:\programdata\IObit" deleted successfully.
Folder "c:\programdata\~0" deleted successfully.
Folder "c:\program files\Hard Disk Tune-Up" deleted successfully.
Folder "C:\Program Files\Viewpoint" deleted successfully.

Error: folder "C:\Program Files\StartNow Toolbar" not found!
Deletion of folder "C:\Program Files\StartNow Toolbar" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\Users\CYA\AppData\Local\PC_Drivers_Headquarters" not found!
Deletion of folder "C:\Users\CYA\AppData\Local\PC_Drivers_Headquarters" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Medic" not found!
Deletion of folder "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Medic" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\Program Files\Driver Medic" not found!
Deletion of folder "C:\Program Files\Driver Medic" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Folder "C:\Users\CYA\Documents\DriverGenius" deleted successfully.
Folder "C:\Users\CYA\AppData\Roaming\IObit" deleted successfully.
Folder "C:\Users\Devon\AppData\Roaming" deleted successfully.

Error: folder "IObit Registry keys to delete:" not found!
Deletion of folder "IObit Registry keys to delete:" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open folder "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}"
Deletion of folder "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open folder "HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}"
Deletion of folder "HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Completed script processing.

*******************

Finished! Terminate.
  • 0
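The result log in the post above lists targets that differ from the script in post #10 (a truncated task name, a parent folder in place of its subfolder, a directive line read as a folder name). The following added example, which is not part of the original thread and not The Avenger's own code, compares a deletion script against its result log and reports those differences. The sample input is a short excerpt of the script and log from this thread; the function names and the rule that any line ending in "to delete:" is a directive are assumptions made for the example.

```python
import re

# Excerpt of the script posted in #10 (sample input for this example).
SCRIPT = r"""Files to delete:
c:\windows\system32\roboot.exe
C:\Windows\System32\*.tmp
C:\Windows\tasks\WinMaximizer-CYA-Startup.job
Folders to delete:
C:\Users\CYA\AppData\Roaming\IObit
C:\Users\Devon\AppData\Roaming\IObit
"""

# Excerpt of the result log posted in #15 (sample input for this example).
LOG = r"""File "c:\windows\system32\roboot.exe" deleted successfully.
Error: could not open file "C:\Windows\System32\*.tmp"
Deletion of file "C:\Windows\System32\*.tmp" failed!
Status: 0xc0000033 (STATUS_OBJECT_NAME_INVALID)
Error: file "C:\Windows\tasks\WinMaximizer-" not found!
Deletion of file "C:\Windows\tasks\WinMaximizer-" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
Folder "C:\Users\CYA\AppData\Roaming\IObit" deleted successfully.
Folder "C:\Users\Devon\AppData\Roaming" deleted successfully.
Error: folder "IObit Registry keys to delete:" not found!
Deletion of folder "IObit Registry keys to delete:" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
"""

# Assumption: a directive is any line of the form "<words> to delete:".
DIRECTIVE = re.compile(r"^[a-z ]+ to delete:$", re.I)
DELETED = re.compile(r'^(File|Folder) "(.+)" deleted successfully\.$')
FAILED = re.compile(r'^Deletion of (file|folder) "(.+)" failed!$')
STATUS = re.compile(r"^Status: (0x[0-9a-f]{8}) \((\w+)\)$", re.I)

def norm(path):
    # Windows paths are case-insensitive, so compare in lower case.
    return path.strip().lower()

def script_targets(script):
    lines = (l.strip() for l in script.splitlines())
    return {norm(l) for l in lines if l and not DIRECTIVE.match(l)}

def log_results(log):
    # Returns (target, outcome, status_name) for each processed item.
    results, pending = [], None
    for line in (l.strip() for l in log.splitlines()):
        if m := DELETED.match(line):
            results.append((norm(m[2]), "deleted", None))
        elif m := FAILED.match(line):
            pending = norm(m[2])          # status follows on a later line
        elif (m := STATUS.match(line)) and pending:
            results.append((pending, "failed", m[2]))
            pending = None
    return results

def triage(script, log):
    wanted, results = script_targets(script), log_results(log)
    seen = {t for t, _, _ in results}
    return {
        # Deleted, but never requested: needs restoring from the backup.
        "unintended_deletions": [t for t, o, _ in results if o == "deleted" and t not in wanted],
        # Attempted, but not a line of the script: the paste was altered.
        "mangled_targets": [t for t, o, _ in results if o == "failed" and t not in wanted],
        # Name rejected outright (the wildcard lines in this log).
        "unsupported_name": [t for t, _, s in results if s == "STATUS_OBJECT_NAME_INVALID"],
        # Requested, but absent from the log: still to be dealt with.
        "never_processed": sorted(wanted - seen),
    }

if __name__ == "__main__":
    for category, items in triage(SCRIPT, LOG).items():
        print(category, items)
```

Anything reported under unintended_deletions is a candidate for recovery from the backup archive that step 4 of post #10 says The Avenger creates.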
