Instructions followed... logs and files pasted or attached.
========== OTL ==========
Prefs.js: {E63605FC-D583-4C81-867F-9457BDB3EA1B}:4.1.0.2080 removed from extensions.enabledItems
Prefs.js: {8141440E-08F0-4339-9959-5C31C6A69F23}:4.1.0.5290 removed from extensions.enabledItems
Prefs.js: {E889F097-B0BE-471B-89AD-B86B6F04B506}:4.1.0.1960 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D74E9DD-8987-448b-B2CB-67FFF2B8A932}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D74E9DD-8987-448b-B2CB-67FFF2B8A932}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21608B66-026F-4DCB-9244-0DACA328DCED}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21608B66-026F-4DCB-9244-0DACA328DCED}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B72681C0-A222-4b21-A0E2-53A5A5CA3D41}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B72681C0-A222-4b21-A0E2-53A5A5CA3D41}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CAC89FF9-34A9-4431-8CFE-292A47F843BC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAC89FF9-34A9-4431-8CFE-292A47F843BC}\ not found.
ADS C:\ProgramData\TEMP:7C017FB1 deleted successfully.
ADS C:\ProgramData\TEMP:522EA216 deleted successfully.
ADS C:\ProgramData\TEMP:38760F1C deleted successfully.
ADS C:\ProgramData\Microsoft:jzmEVGhiTPfMnmHDi7vg57JbjE deleted successfully.
ADS C:\ProgramData\Microsoft:ENyUlAKjVf6osGdVFJUmKF7ps1 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Customer\Desktop\cmd.bat deleted successfully.
C:\Users\Customer\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Customer\Desktop\cmd.bat deleted successfully.
C:\Users\Customer\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Customer\Desktop\cmd.bat deleted successfully.
C:\Users\Customer\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Customer\Desktop\cmd.bat deleted successfully.
C:\Users\Customer\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Customer\Desktop\cmd.bat deleted successfully.
C:\Users\Customer\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Customer
->Flash cache emptied: 2090 bytes
User: Default
->Flash cache emptied: 41 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.26.4 log created on 10122011_194723
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-12 19:57:25
-----------------------------
19:57:25.848 OS Version: Windows 6.0.6002 Service Pack 2
19:57:25.848 Number of processors: 2 586 0xF0D
19:57:25.864 ComputerName: JOEY UserName:
19:57:47.158 Initialize success
19:57:51.713 AVAST engine defs: 11101201
19:58:09.903 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-4
19:58:09.903 Disk 0 Vendor: ST3500630AS 3.AAD Size: 476940MB BusType: 3
19:58:11.931 Disk 0 MBR read successfully
19:58:11.946 Disk 0 MBR scan
19:58:11.962 Disk 0 Windows VISTA default MBR code
19:58:11.993 Disk 0 scanning sectors +976771120
19:58:12.118 Disk 0 scanning C:\Windows\system32\drivers
19:58:41.508 Service scanning
19:59:26.124 Modules scanning
19:59:35.796 Disk 0 trace - called modules:
19:59:35.843 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
19:59:35.843 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8508eac8]
19:59:35.843 3 CLASSPNP.SYS[89f9e8b3] -> nt!IofCallDriver -> [0x84575520]
19:59:35.859 5 acpi.sys[806966bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-4[0x84f26030]
19:59:37.637 AVAST engine scan C:\Windows
19:59:41.912 AVAST engine scan C:\Windows\system32
20:02:54.946 AVAST engine scan C:\Windows\system32\drivers
20:03:18.627 AVAST engine scan C:\Users\Customer
20:09:59.874 File: C:\Users\Customer\AppData\Roaming\Microsoft\Protect\ohll.uo **INFECTED** Win32:Agent-ANGY [Trj]
20:11:54.612 AVAST engine scan C:\ProgramData
20:17:16.581 Scan finished successfully
20:17:44.193 Disk 0 MBR has been saved successfully to "C:\Users\Customer\Desktop\MBR.dat"
20:17:44.193 The log file has been saved successfully to "C:\Users\Customer\Desktop\aswMBR.txt"
OTL logfile created on: 10/12/2011 8:20:55 PM - Run 5
OTL by OldTimer - Version 3.2.26.4 Folder = C:\Users\Customer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.99 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 56.39% Memory free
6.21 Gb Paging File | 4.71 Gb Available in Paging File | 75.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454.94 Gb Total Space | 305.14 Gb Free Space | 67.07% Space Free | Partition Type: NTFS
Drive D: | 10.82 Gb Total Space | 4.48 Gb Free Space | 41.42% Space Free | Partition Type: NTFS
Computer Name: JOEY | User Name: Customer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/10/04 15:30:17 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2011/09/27 21:00:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/09/27 21:00:06 | 004,611,456 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/08/30 12:18:31 | 002,143,104 | ---- | M] (TeamViewer GmbH) -- c:\Program Files\TeamViewer\Version6\TeamViewer_Desktop.exe
PRC - [2011/08/30 12:18:30 | 008,093,056 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer.exe
PRC - [2011/08/30 12:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/08/30 11:26:55 | 000,108,416 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\tv_w32.exe
PRC - [2011/08/16 20:48:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Customer\Desktop\OTL.exe
PRC - [2011/07/27 17:36:33 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/05/08 14:18:10 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/02 10:11:20 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/06/24 14:34:50 | 000,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\1229908720\ee\aolsoftware.exe
PRC - [2008/01/19 03:38:32 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2007/07/05 23:06:00 | 004,669,440 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe
PRC - [2006/11/08 19:28:12 | 000,024,848 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\ssonsvr.exe
PRC - [2006/11/07 18:34:26 | 000,053,248 | ---- | M] (Chicony) -- C:\WINDOWS\ModPS2Key.exe
PRC - [2006/11/07 18:08:40 | 000,547,840 | ---- | M] () -- C:\WINDOWS\zHotkey.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2006/10/05 02:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\agrsmsvc.exe
========== Modules (No Company Name) ==========
MOD - [2011/10/12 19:49:31 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/10/12 19:49:31 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/10/04 15:30:17 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
MOD - [2011/09/27 20:57:34 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/09/27 20:57:34 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/08/22 01:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2007/05/30 06:01:00 | 000,249,856 | ---- | M] () -- C:\WINDOWS\System32\igfxTMM.dll
MOD - [2006/11/07 18:08:40 | 000,547,840 | ---- | M] () -- C:\WINDOWS\zHotkey.exe
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (Akamai)
SRV - [2011/09/27 21:00:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/08/30 12:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/07/27 17:36:33 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/08 14:18:10 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/02/24 12:43:00 | 003,461,116 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/05/22 14:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2006/10/05 02:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\System32\agrsmsvc.exe -- (AgereModemAudio)
========== Driver Services (SafeList) ==========
DRV - [2011/07/27 17:36:35 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/27 17:36:35 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007/06/25 01:37:24 | 000,084,480 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/04/16 13:28:02 | 000,194,362 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2007/04/08 23:47:12 | 000,401,408 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AVer88xHD.sys -- (AVer88xHD)
DRV - [2006/11/29 18:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006/11/02 03:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel®
DRV - [2006/11/02 03:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/10/05 00:39:40 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2001/05/07 06:56:02 | 000,019,805 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\usbio.sys -- (USBIO) USBIO Driver (usbio.sys)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...ys=DTP&M=GT5622
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...ys=DTP&M=GT5622
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...ys=DTP&M=GT5622
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.c...ys=DTP&M=GT5622
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...ys=DTP&M=GT5622
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.c...ys=DTP&M=GT5622
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...ys=DTP&M=GT5622
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-84770560-3067396919-1502540133-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-84770560-3067396919-1502540133-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKU\S-1-5-21-84770560-3067396919-1502540133-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-84770560-3067396919-1502540133-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-84770560-3067396919-1502540133-1000\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
IE - HKU\S-1-5-21-84770560-3067396919-1502540133-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-84770560-3067396919-1502540133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=3.0: C:\Program Files\Virtual Earth 3D\ [2009/01/23 23:06:25 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\PROGRA~1\SONYON~1\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/30 00:07:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2010/01/18 18:26:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Customer\AppData\Roaming\mozilla\Extensions
[2011/10/02 09:39:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Customer\AppData\Roaming\mozilla\Firefox\Profiles\t48wio91.default\extensions
[2010/05/23 08:34:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Customer\AppData\Roaming\mozilla\Firefox\Profiles\t48wio91.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/29 17:00:38 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Customer\AppData\Roaming\mozilla\Firefox\Profiles\t48wio91.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/10/02 09:47:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/02 09:47:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
File not found (No name found) --
[2011/09/30 00:07:30 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/22 21:16:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
O1 HOSTS File: ([2011/09/28 00:57:36 | 000,437,632 | R--- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 15054 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-84770560-3067396919-1502540133-1000\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKU\S-1-5-21-84770560-3067396919-1502540133-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CHotkey] C:\Windows\zHotkey.exe ()
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1229908720\ee\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [ModPS2] C:\Windows\ModPS2Key.exe (Chicony)
O4 - HKLM..\Run: [NapsterShell] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ShowWnd] C:\Windows\ShowWnd.exe ()
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-84770560-3067396919-1502540133-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-84770560-3067396919-1502540133-1000..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-84770560-3067396919-1502540133-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-84770560-3067396919-1502540133-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O4 - HKU\S-1-5-21-84770560-3067396919-1502540133-1000..\RunOnce: [Shockwave Updater] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-84770560-3067396919-1502540133-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-84770560-3067396919-1502540133-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-84770560-3067396919-1502540133-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://www.worldwinn...GamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinn...0/tpir/tpir.cab (TPIR Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://atv.disney.go...y/OTOYAX29b.cab (Groove Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} http://www.worldwinn...cubis/cubis.cab (Cubis Control)
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} http://www.worldwinn...luxor/luxor.cab (WwLuxor Control)
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} http://aolsvc.aol.co...esPlayer_v4.cab (GoBit Games Player)
O16 - DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} http://www.worldwinn...ly/monopoly.cab (Monopoly Control)
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} http://www.worldwinn...h/dinerdash.cab (DinerDash Control)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://games.pogo.co...aploader_v5.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Christine's PC\Pictures\My Pictures\West Hollywood View.jpg
O24 - Desktop BackupWallPaper: C:\Christine's PC\Pictures\My Pictures\West Hollywood View.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O33 - MountPoints2\{52f5d4fa-feed-11de-bb82-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{52f5d4fa-feed-11de-bb82-00038a000015}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O33 - MountPoints2\{853a76e1-989f-11de-b1f3-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{853a76e1-989f-11de-b1f3-00038a000015}\Shell\AutoRun\command - "" = M:\LaunchU3.exe
O33 - MountPoints2\{853a76ef-989f-11de-b1f3-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{853a76ef-989f-11de-b1f3-00038a000015}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\{c6f7bbe7-e078-11dd-9788-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{c6f7bbe7-e078-11dd-9788-00038a000015}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2011/10/12 19:52:06 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Customer\Desktop\aswMBR.exe
[2011/10/12 19:47:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/04 15:57:48 | 000,000,000 | ---D | C] -- C:\Users\Customer\riotsGamesLogs
[2011/10/04 15:57:10 | 000,000,000 | ---D | C] -- C:\Users\Customer\AppData\Roaming\LolClient
[2011/10/04 15:52:27 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2011/10/04 15:52:27 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2011/10/04 15:52:27 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2011/10/04 15:52:27 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2011/10/04 15:52:27 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2011/10/04 15:46:38 | 000,000,000 | ---D | C] -- C:\Riot Games
[2011/10/04 15:46:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2011/10/04 15:31:21 | 000,000,000 | ---D | C] -- C:\Users\Customer\Documents\LeagueOfLegends
[2011/10/02 17:10:46 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011/10/02 12:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2011/10/02 12:10:18 | 000,000,000 | ---D | C] -- C:\Users\Customer\AppData\Roaming\Yahoo!
[2011/10/02 12:10:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2011/10/02 10:10:03 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Customer\Desktop\OTL.exe
[2011/10/02 09:48:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/10/02 09:48:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/10/02 09:47:51 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/10/02 09:47:51 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/10/02 09:47:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/10/02 09:47:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/10/02 09:27:26 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/10/02 09:02:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/02 09:00:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/10/02 09:00:33 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/10/01 14:34:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
[2011/10/01 14:34:54 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2011/10/01 14:31:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2011/10/01 14:31:23 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/10/01 13:49:46 | 000,000,000 | ---D | C] -- C:\Users\Customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011/09/29 15:57:50 | 000,000,000 | ---D | C] -- C:\Users\Customer\Documents\TDSSKiller
[2011/09/29 09:25:56 | 000,000,000 | ---D | C] -- C:\Users\Customer\AppData\Roaming\Sammsoft
[2011/09/29 00:05:33 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/09/28 01:03:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/09/28 00:15:43 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011/09/27 23:34:37 | 000,000,000 | ---D | C] -- C:\Users\Customer\AppData\Roaming\TeamViewer
[2011/09/27 23:20:59 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/09/27 23:15:02 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/09/27 23:14:41 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2011/09/27 23:05:40 | 000,000,000 | ---D | C] -- C:\Windows\Start Menu
[2011/09/27 20:57:26 | 000,000,000 | ---D | C] -- C:\Users\Customer\AppData\Roaming\SUPERAntiSpyware.com
[2011/09/27 20:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/09/27 20:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/09/27 20:57:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/09/27 20:57:12 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/09/27 19:35:09 | 000,000,000 | ---D | C] -- C:\Users\Customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Repair
[2011/09/26 23:15:08 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
========== Files - Modified Within 30 Days ==========
[2011/10/12 20:22:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/12 20:17:44 | 000,000,512 | ---- | M] () -- C:\Users\Customer\Desktop\MBR.dat
[2011/10/12 19:48:49 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Customer\Desktop\aswMBR.exe
[2011/10/12 19:48:49 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/12 19:48:47 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/12 19:48:47 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/12 19:48:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/12 19:48:40 | 3212,173,312 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/04 15:52:28 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011/10/03 16:14:06 | 000,002,627 | ---- | M] () -- C:\Users\Customer\Desktop\Microsoft Office Word 2007.lnk
[2011/10/02 16:23:07 | 000,061,952 | ---- | M] () -- C:\Users\Customer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/02 12:10:10 | 000,000,966 | ---- | M] () -- C:\Users\Customer\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/10/02 12:10:10 | 000,000,942 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2011/10/02 09:47:34 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/10/02 09:47:34 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/10/02 09:47:34 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/10/02 09:47:34 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/10/02 09:00:34 | 000,000,714 | ---- | M] () -- C:\Users\Customer\Desktop\ERUNT.lnk
[2011/10/01 14:37:11 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/10/01 14:34:57 | 000,001,702 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2011/10/01 14:31:25 | 000,000,812 | ---- | M] () -- C:\Users\Customer\Desktop\SpywareBlaster.lnk
[2011/10/01 13:49:46 | 000,001,057 | ---- | M] () -- C:\Users\Customer\Desktop\Revo Uninstaller.lnk
[2011/09/29 16:14:46 | 003,067,400 | ---- | M] () -- C:\Users\Customer\Documents\Setup_MagicISO.exe
[2011/09/29 15:56:37 | 000,730,072 | ---- | M] () -- C:\Users\Customer\Desktop\st-softonic-sntb.exe
[2011/09/29 15:34:09 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/29 15:34:09 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/29 00:05:52 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/09/28 00:57:36 | 000,437,632 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/09/27 23:36:57 | 000,000,680 | ---- | M] () -- C:\Users\Customer\AppData\Local\d3d9caps.dat
[2011/09/27 23:19:10 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/27 23:14:50 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011/09/27 20:57:15 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/27 19:40:10 | 000,000,416 | ---- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/09/27 19:35:25 | 000,000,627 | ---- | M] () -- C:\Users\Customer\Application Data\Microsoft\Internet Explorer\Quick Launch\Data Repair.lnk
[2011/09/27 19:35:25 | 000,000,208 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/09/27 19:35:25 | 000,000,128 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/09/27 00:24:03 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
========== Files Created - No Company Name ==========
[2011/10/12 20:17:44 | 000,000,512 | ---- | C] () -- C:\Users\Customer\Desktop\MBR.dat
[2011/10/04 15:52:28 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011/10/02 12:10:10 | 000,000,966 | ---- | C] () -- C:\Users\Customer\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/10/02 12:10:10 | 000,000,942 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2011/10/02 09:00:34 | 000,000,714 | ---- | C] () -- C:\Users\Customer\Desktop\ERUNT.lnk
[2011/10/01 14:34:57 | 000,001,702 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2011/10/01 14:31:25 | 000,000,812 | ---- | C] () -- C:\Users\Customer\Desktop\SpywareBlaster.lnk
[2011/10/01 13:49:46 | 000,001,057 | ---- | C] () -- C:\Users\Customer\Desktop\Revo Uninstaller.lnk
[2011/09/29 16:14:35 | 003,067,400 | ---- | C] () -- C:\Users\Customer\Documents\Setup_MagicISO.exe
[2011/09/29 15:56:33 | 000,730,072 | ---- | C] () -- C:\Users\Customer\Desktop\st-softonic-sntb.exe
[2011/09/28 01:03:13 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/09/27 23:51:07 | 3212,173,312 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/27 23:36:57 | 000,000,680 | ---- | C] () -- C:\Users\Customer\AppData\Local\d3d9caps.dat
[2011/09/27 23:19:10 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/27 23:19:10 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/27 23:14:50 | 000,000,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2011/09/27 23:14:50 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011/09/27 20:57:15 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/27 19:35:25 | 000,000,627 | ---- | C] () -- C:\Users\Customer\Application Data\Microsoft\Internet Explorer\Quick Launch\Data Repair.lnk
[2011/09/27 19:35:25 | 000,000,208 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/09/27 19:35:25 | 000,000,128 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/09/27 19:35:01 | 000,000,416 | ---- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/09/27 00:24:03 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/04 18:45:28 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2009/08/04 16:52:30 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/04 16:52:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/29 07:58:29 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2009/07/29 07:58:28 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2009/05/24 12:10:19 | 000,000,692 | ---- | C] () -- C:\Windows\hegames.ini
[2009/01/12 03:07:12 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/01/11 21:43:24 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/12/21 20:57:37 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/12/05 17:46:36 | 000,061,952 | ---- | C] () -- C:\Users\Customer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/20 21:58:20 | 000,054,608 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2007/11/28 20:50:51 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll
[2006/11/22 18:16:18 | 000,003,612 | ---- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 14:50:06 | 000,000,037 | ---- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,295,832 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:21 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/06/11 20:01:15 | 000,352,256 | ---- | C] () -- C:\Windows\System32\HotlineClient.exe
[2002/02/28 05:25:33 | 000,547,840 | ---- | C] () -- C:\Windows\zHotkey.exe
[2002/02/28 05:25:33 | 000,532,544 | ---- | C] () -- C:\Windows\PIC.dll
[2002/02/28 05:25:33 | 000,036,864 | ---- | C] () -- C:\Windows\ShowWnd.exe
[2002/02/28 05:25:33 | 000,024,576 | ---- | C] () -- C:\Windows\HKNTDLL.dll
========== LOP Check ==========
[2009/11/29 21:11:17 | 000,000,000 | ---D | M] -- C:\Users\Customer\AppData\Roaming\FOG Downloader
[2010/04/27 19:20:15 | 000,000,000 | ---D | M] -- C:\Users\Customer\AppData\Roaming\ICAClient
[2011/10/04 15:57:10 | 000,000,000 | ---D | M] -- C:\Users\Customer\AppData\Roaming\LolClient
[2009/10/07 19:01:23 | 000,000,000 | ---D | M] -- C:\Users\Customer\AppData\Roaming\PACE Anti-Piracy
[2009/02/17 14:57:35 | 000,000,000 | ---D | M] -- C:\Users\Customer\AppData\Roaming\PlayFirst
[2009/10/09 16:37:29 | 000,000,000 | ---D | M] -- C:\Users\Customer\AppData\Roaming\PokemonPMDInstaller[1]
[2009/10/09 16:37:52 | 000,000,000 | ---D | M] -- C:\Users\Customer\AppData\Roaming\PokemonPMDWidget
[2011/10/01 14:22:52 | 000,000,000 | ---D | M] -- C:\Users\Customer\AppData\Roaming\Sammsoft
[2008/12/05 17:25:32 | 000,000,000 | ---D | M] -- C:\Users\Customer\AppData\Roaming\SampleView
[2009/01/11 21:43:37 | 000,000,000 | ---D | M] -- C:\Users\Customer\AppData\Roaming\Spare Backup
[2011/09/27 23:34:37 | 000,000,000 | ---D | M] -- C:\Users\Customer\AppData\Roaming\TeamViewer
[2009/05/31 21:12:45 | 000,000,000 | ---D | M] -- C:\Users\Customer\AppData\Roaming\WildTangent
[2011/10/12 19:47:38 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2008/12/22 01:19:56 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/12/22 01:19:56 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/12/22 01:19:55 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/12/22 01:23:43 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/12/22 01:23:43 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/12/22 01:19:56 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
< MD5 for: SVCHOST.EXE >
[2006/11/02 05:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\WINDOWS\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\WINDOWS\System32\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\WINDOWS\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
< MD5 for: USERINIT.EXE >
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\System32\userinit.exe
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\System32\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< %systemroot%\*. /mp /s >
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AOL9~1.1\accdef.exe -rb [2008/11/06 07:42:54 | 000,016,680 | ---- | M] (AOL, LLC.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AOL9~1.1\accdef.exe -hb [2008/11/06 07:42:54 | 000,016,680 | ---- | M] (AOL, LLC.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AOL9~1.1\accdef.exe -sb [2008/11/06 07:42:54 | 000,016,680 | ---- | M] (AOL, LLC.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AOL9~1.1\aol.exe [2008/11/06 07:42:54 | 000,050,472 | ---- | M] (AOL, LLC.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/30 00:07:28 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/30 00:07:28 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/30 00:07:28 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/30 00:07:30 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/30 00:07:30 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/30 00:07:30 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2008/01/19 03:33:12 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2008/01/19 03:33:12 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2008/01/19 03:33:12 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/04/11 02:27:44 | 000,636,080 | ---- | M] (Microsoft Corporation)
< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AOL9~1.1\accdef.exe -rb [2008/11/06 07:42:54 | 000,016,680 | ---- | M] (AOL, LLC.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AOL9~1.1\accdef.exe -hb [2008/11/06 07:42:54 | 000,016,680 | ---- | M] (AOL, LLC.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AOL9~1.1\accdef.exe -sb [2008/11/06 07:42:54 | 000,016,680 | ---- | M] (AOL, LLC.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AOL9~1.1\aol.exe [2008/11/06 07:42:54 | 000,050,472 | ---- | M] (AOL, LLC.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/30 00:07:28 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/30 00:07:28 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/30 00:07:28 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/30 00:07:30 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/30 00:07:30 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/30 00:07:30 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2008/01/19 03:33:12 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2008/01/19 03:33:12 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2008/01/19 03:33:12 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/04/11 02:27:44 | 000,636,080 | ---- | M] (Microsoft Corporation)
< End of report >
OTL Extras logfile created on: 10/12/2011 8:20:55 PM - Run 5
OTL by OldTimer - Version 3.2.26.4 Folder = C:\Users\Customer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.99 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 56.39% Memory free
6.21 Gb Paging File | 4.71 Gb Available in Paging File | 75.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454.94 Gb Total Space | 305.14 Gb Free Space | 67.07% Space Free | Partition Type: NTFS
Drive D: | 10.82 Gb Total Space | 4.48 Gb Free Space | 41.42% Space Free | Partition Type: NTFS
Computer Name: JOEY | User Name: Customer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-84770560-3067396919-1502540133-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Windows\system\rundll32.exe" = C:\WINDOWS\system\rundll32.exe:*:Enabled:rundll32
"C:\Users\Customer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4O1EH4CD\installer_70100[1].exe" = C:\Users\Customer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4O1EH4CD\installer_70100[1].exe:*:Enabled:installer
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04D1A341-4FF7-4028-852F-2003903F3F38}" = lport=138 | protocol=17 | dir=in | app=system |
"{0516F6CF-C0BC-449C-A871-DCE77E636C7F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss |
[email protected],-28539 |
"{1D43AB11-4862-4157-A4FC-9A7A5274BCF0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{33B79369-A7EE-4A5A-B342-8458DAE72EB8}" = rport=139 | protocol=6 | dir=out | app=system |
"{3B6DF945-BF5C-4D7F-B080-B2D76011FB32}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5F913E01-6905-4B37-9D30-BD61257B2899}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7111BBA4-49ED-48AE-B4D5-339584B64676}" = rport=445 | protocol=6 | dir=out | app=system |
"{8230EC21-7F5B-47C1-98E6-4C3924740AE8}" = rport=138 | protocol=17 | dir=out | app=system |
"{82C636C1-F043-4914-B1B2-1E16FE06F2AC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{843E6BCA-AEC6-41A6-B7AA-F31111DDBBFD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{86047A19-EDB5-4BDE-876A-F0EF9F4BF3B2}" = lport=139 | protocol=6 | dir=in | app=system |
"{9526E3C3-55E4-4FCE-8830-DAC5DE71A112}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9835F4D0-6746-45D5-ACF0-EC36BCC20A91}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B18E638F-5370-4784-9F5D-310EBED2B53D}" = lport=445 | protocol=6 | dir=in | app=system |
"{BB8D3334-EE8A-4A5B-8CB9-BDC87A86AD79}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C5402D2E-AD0C-4413-9D36-BEF24BD77EFE}" = lport=137 | protocol=17 | dir=in | app=system |
"{FA54E6F0-703C-48E2-A75E-F762C4A3B637}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FBCE3CC8-23DA-4D94-8E15-8E4AD301F7E4}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0184F07D-F947-4A93-9A86-95D346E73AC8}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{1A2A4EA4-4215-4F72-BECA-03D902791145}" = protocol=6 | dir=in | app=c:\program files\aol 9.1\waol.exe |
"{1A301CD4-2B49-47F4-856A-7C82728F5E15}" = protocol=58 | dir=in |
[email protected],-28545 |
"{3B7308C4-4AEC-40DD-903F-F1896315B4DC}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{41E93F3B-ED87-4E91-AB18-C18CE2AD56A1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4794C3B8-66D9-4F3B-8D9D-35F0DE8311CC}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{508EB43D-8A0D-4C74-8403-C585908CE331}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{54234591-7A89-460B-A477-D05D952335B3}" = protocol=1 | dir=out |
[email protected],-28544 |
"{59542853-B547-491C-AB6C-3ED4D976DF40}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{618D417E-0F37-48B7-80CA-FDA430A9AF0E}" = protocol=58 | dir=out |
[email protected],-28546 |
"{71C76876-AC49-474A-B164-CA640705CEC8}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{7C61E42F-ACCC-4A63-A882-00F3A1656AA0}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{8CAC73E8-3109-49AE-98CF-3116A25E5BE5}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{8DC197D7-85F8-493F-BAD1-C62B332942FD}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{92CEDD00-F84A-48A1-9F68-A428250CFB4A}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{99658954-3B2F-4E09-B8F1-5300E5816206}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{9E259FA7-3236-4D2C-89CF-B0A832540989}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{A101D559-4048-44B4-96B9-DE2645B2AA61}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{A69CAD77-B023-4A50-9C06-01189641DFD6}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{AB52AC76-9A14-4D7E-B876-0A320B4A41C8}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{B6594EF4-2931-44A0-ACB6-FA359320EDAC}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1229908720\ee\aolsoftware.exe |
"{BA86B1BC-E070-4608-87C8-4E2B821BF48F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{BF4A719C-10B2-4C5C-B895-F24B27D01EC4}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{CAD79C51-CF01-4E29-8F33-7645A5E78D47}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{CCA89F5D-2B16-4994-A0AD-4842A5AD0DA9}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{CD8BF68D-66D8-4880-83C3-66793572C1F3}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{D472991E-0B40-4830-BF12-70ABBCC56C7C}" = protocol=1 | dir=in |
[email protected],-28543 |
"{DBA365B5-C330-48A3-A93D-6B8D774964C6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E28B6B27-CFA2-4748-B873-0B90C9B786C4}" = protocol=17 | dir=in | app=c:\program files\aol 9.1\waol.exe |
"{EB74270D-6C2B-4299-A874-7E393B6B540D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{F426B6B9-C1F9-4D95-83A8-F41FB7BE7B5B}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1229908720\ee\aolsoftware.exe |
"{F6DEDE40-0D24-4CC1-8B8C-27F4C2AA3404}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{FC02A5CE-419D-4CAA-8AF2-4AC3EFA6DAD7}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"TCP Query User{73AE7DC4-865B-4542-A386-DD9D26408167}C:\ntreev usa\grand chase\main.exe" = protocol=6 | dir=in | app=c:\ntreev usa\grand chase\main.exe |
"UDP Query User{DEBCACDF-2BA9-4596-8083-D852EE91A62C}C:\ntreev usa\grand chase\main.exe" = protocol=17 | dir=in | app=c:\ntreev usa\grand chase\main.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0AF3FEAE-B651-4421-97EF-4808A588B4E5}" = LastChaos
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java™ 6 Update 27
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}" = Virtual Earth 3D (Beta)
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C08817B-D670-4779-91B5-689B7787BD03}" = Big Green Help
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A20E6E28-C9B4-40F2-88C4-0168917AAA96}" = Nanovor
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A68E2DF5-AC4E-40AD-875A-2D278EF0CA96}" = Fiesta
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1BA4778-61DB-4405-AD57-03C939080E19}" = Chaotic
"{E127B28D-1A2A-45C4-A74E-C817E0A74E3E}" = Fiesta
"{EE5EEDAF-F932-462B-A2CB-EEBDF819D5F5}" = Gateway Connect
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}" = AOL Mail and AIM Gadget
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{FF262740-C85A-11D5-BBEC-00D0B740900A}" = PS2 Multimedia Keyboard Driver
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Action Replay DSi Code Manager_is1" = Action Replay DSi Code Manager
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"Akamai" = Akamai NetSession Interface
"AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
"AOL Toolbar" = AOL Toolbar
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AVerMedia M791 PCIe Combo NTSC/ATSC" = AVerMedia M791 PCIe Combo NTSC/ATSC 6.104.0.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bakugan Attributes Screensaver" = Bakugan Attributes Screensaver
"Burger Shop" = Burger Shop (remove only)
"CameraUserGuide-PSSD1300IS_IXUS105" = Canon PowerShot SD1300 IS_IXUS 105 Camera User Guide
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CCleaner" = CCleaner
"Citrix Program Neighborhood" = Citrix Program Neighborhood
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Defraggler" = Defraggler
"Disney Toontown Online" = Disney Toontown Online
"ERUNT_is1" = ERUNT 1.1j
"Free Realms Installer" = Free Realms Installer
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"Grand Chase" = Grand Chase
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HyperCam 2" = HyperCam 2
"iCarly - iDream in Toons" = iCarly - iDream in Toons
"InstallShield_{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Money2007b" = Microsoft Money Essentials
"Monopoly - SpongeBob SquarePants Edition" = Monopoly - SpongeBob SquarePants Edition
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"MWSnap 3" = MWSnap 3
"MyCamera" = Canon Utilities MyCamera
"Nicktoons HoverZone" = Nicktoons HoverZone
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"Playsushi" = Playsushi
"PrintKey2000" = PrintKey2000
"Recuva" = Recuva (remove only)
"Revo Uninstaller" = Revo Uninstaller 1.93
"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpongeBob SquarePants Diner Dash 2" = SpongeBob SquarePants Diner Dash 2
"SpywareBlaster_is1" = SpywareBlaster 4.4
"TeamViewer 6" = TeamViewer 6
"The Game of Life - SpongeBob SquarePants Edition" = The Game of Life - SpongeBob SquarePants Edition
"U.B. Funkeys" = U.B. Funkeys
"Unity" = Unity
"UnityWebPlayer" = Unity Web Player
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent gateway Master Uninstall" = Gateway Games
"WildTangent wildgames Master Uninstall" = WildGames
"Xfire" = Xfire (remove only)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-84770560-3067396919-1502540133-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"World of Warcraft Trial" = World of Warcraft Trial
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 9/29/2011 7:50:46 PM | Computer Name = Customer-PC | Source = Application Error | ID = 1000
Description = Faulting application YAHOOM~1.EXE, version 11.0.0.2014, time stamp
0x4e521030, faulting module RPCRT4.dll, version 6.0.6002.18024, time stamp 0x49f05bcc,
exception code 0xc0000005, fault offset 0x000ae0d9, process id 0x10b4, application
start time 0x01cc7da4c00584f0.
Error - 10/1/2011 1:50:54 PM | Computer Name = Customer-PC | Source = VSS | ID = 8194
Description =
Error - 10/1/2011 1:52:38 PM | Computer Name = Customer-PC | Source = VSS | ID = 8194
Description =
Error - 10/1/2011 1:54:59 PM | Computer Name = Customer-PC | Source = VSS | ID = 8194
Description =
Error - 10/1/2011 1:55:56 PM | Computer Name = Customer-PC | Source = VSS | ID = 8194
Description =
Error - 10/1/2011 1:57:10 PM | Computer Name = Customer-PC | Source = VSS | ID = 8194
Description =
Error - 10/1/2011 2:22:20 PM | Computer Name = Customer-PC | Source = VSS | ID = 8194
Description =
Error - 10/2/2011 9:38:57 AM | Computer Name = Customer-PC | Source = VSS | ID = 8194
Description =
Error - 10/2/2011 9:43:31 AM | Computer Name = Customer-PC | Source = VSS | ID = 8194
Description =
Error - 10/2/2011 12:31:40 PM | Computer Name = Customer-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 8c8 Start Time: 01cc811d608ee312 Termination Time: 0
[ Media Center Events ]
Error - 8/16/2009 11:33:59 PM | Computer Name = Customer-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 10/8/2009 3:30:02 PM | Computer Name = Customer-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
[ System Events ]
Error - 10/4/2011 4:08:56 PM | Computer Name = Joey | Source = Service Control Manager | ID = 7031
Description =
Error - 10/5/2011 4:35:19 PM | Computer Name = Joey | Source = Service Control Manager | ID = 7023
Description =
Error - 10/6/2011 8:08:15 PM | Computer Name = Joey | Source = Service Control Manager | ID = 7023
Description =
Error - 10/8/2011 8:37:24 PM | Computer Name = Joey | Source = Service Control Manager | ID = 7023
Description =
Error - 10/9/2011 6:36:11 PM | Computer Name = Joey | Source = Service Control Manager | ID = 7023
Description =
Error - 10/9/2011 9:03:16 PM | Computer Name = Joey | Source = Service Control Manager | ID = 7023
Description =
Error - 10/9/2011 9:41:17 PM | Computer Name = Joey | Source = Service Control Manager | ID = 7023
Description =
Error - 10/10/2011 3:01:20 PM | Computer Name = Joey | Source = Service Control Manager | ID = 7023
Description =
Error - 10/12/2011 7:41:35 PM | Computer Name = Joey | Source = Service Control Manager | ID = 7023
Description =
Error - 10/12/2011 7:48:58 PM | Computer Name = Joey | Source = Service Control Manager | ID = 7023
Description =
< End of report >