Need help cleaning virus/infected computer "Windows - Delayed Writ

#1
s0nginmyheart

Hi -

Another one of our computers just caught a virus/spam and we need help cleaning it. Upon startup, about two dozen windows pop up that say "Windows - Delayed Write Failed" file\\System32\\000028f2 The file is corrupt or unreadable. This error may be caused by a PC hardware problem.

There are no files/programs in our start list. Running Windows Vista Home.

I ran Rogue Killer and I will post initial results in following posts.

Edited by s0nginmyheart, 16 January 2012 - 11:26 AM.


#2
s0nginmyheart

RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Safe mode with network support
User: user [Admin rights]
Mode: Remove -- Date : 01/16/2012 11:19:23

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 16 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : SmileboxTray ("C:\Users\user\AppData\Roaming\Smilebox\SmileboxTray.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Wow6432Node\Run : TxWbdDFHVk.exe (C:\ProgramData\TxWbdDFHVk.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Wow6432Node\Run : FbrOmxdiOSr.exe (C:\ProgramData\FbrOmxdiOSr.exe) -> DELETED
[SUSP PATH] HKCU\[...]\Run : Classes (C:\Users\user\AppData\Roaming\4D2BC7.exe) -> DELETED
[SUSP PATH] HKCU\[...]\Winlogon : Shell (C:\Users\user\AppData\Roaming\hotfix.exe) -> DELETED
[HJPOL] HKCU\[...]\System : DisableTaskMgr (1) -> DELETED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (1) -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 8cc55f5c77e7f0bfc1d703205736c49c
[BSP] 309fdfd200901d3359dd1e035123a213 : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 63 | Size: 485982 Mo
1 - [XXXXXX] NTFS [HIDDEN!] Offset (sectors): 976768065 | Size: 2 Mo
2 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 949184460 | Size: 14122 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

#3
s0nginmyheart

RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Safe mode with network support
User: user [Admin rights]
Mode: Shortcuts HJfix -- Date : 01/16/2012 11:30:19

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 9 / Fail 0
Quick launch: Success 8 / Fail 0
Programs: Success 58702 / Fail 0
Start menu: Success 261 / Fail 0
User folder: Success 4873 / Fail 0
My documents: Success 43 / Fail 0
My favorites: Success 42 / Fail 0
My pictures: Success 74 / Fail 0
My music: Success 3 / Fail 0
My videos: Success 2 / Fail 0
Local drives: Success 30642 / Fail 0
Backup: [FOUND] Success 207 / Fail 1

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\HarddiskVolume4 -- 0x2 --> Restored
[G:] \Device\HarddiskVolume5 -- 0x2 --> Restored
[H:] \Device\HarddiskVolume6 -- 0x2 --> Restored
[I:] \Device\HarddiskVolume7 -- 0x2 --> Restored

¤¤¤ Infection : Rogue.FakeHDD ¤¤¤

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

#4
s0nginmyheart

OTL logfile created on: 1/16/2012 11:33:17 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\user\Documents\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.81 Gb Available Physical Memory | 75.06% Memory free
7.68 Gb Paging File | 6.94 Gb Available in Paging File | 90.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.61 Gb Total Space | 348.60 Gb Free Space | 77.02% Space Free | Partition Type: NTFS
Drive D: | 13.15 Gb Total Space | 1.80 Gb Free Space | 13.69% Space Free | Partition Type: NTFS

Computer Name: BC2 | User Name: user | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/16 11:32:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\user\Documents\Downloads\OTL.exe
PRC - [2012/01/16 11:18:48 | 000,787,456 | ---- | M] () -- C:\Users\user\Documents\Downloads\RogueKiller.exe
PRC - [2008/01/20 20:48:06 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/05 03:48:44 | 000,411,120 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\16.0.912.75\ppgooglenaclpluginchrome.dll
MOD - [2012/01/05 03:48:43 | 003,767,792 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
MOD - [2012/01/05 03:47:19 | 000,122,880 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\16.0.912.75\avutil-51.dll
MOD - [2012/01/05 03:47:18 | 000,222,208 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\16.0.912.75\avformat-53.dll
MOD - [2012/01/05 03:47:17 | 001,746,432 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\16.0.912.75\avcodec-53.dll
MOD - [2012/01/05 01:06:01 | 008,593,056 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/08/26 09:02:20 | 000,016,896 | -H-- | M] (Agere Systems) [Disabled | Stopped] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/11/29 22:17:07 | 000,034,320 | ---- | M] (MyWebSearch.com) [Auto | Stopped] -- C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2011/10/28 08:12:42 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Stopped] -- C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1ebarsvc.exe -- (VideoScavenger_1eService)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/08/05 07:46:02 | 000,583,640 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2009/08/19 08:35:28 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/08/19 08:35:24 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/07/14 12:51:56 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2009/08/19 08:35:41 | 000,033,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2009/08/19 08:35:39 | 000,427,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2009/07/16 23:30:01 | 000,133,640 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2008/11/11 12:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 12:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64gps.sys -- (UsbGps)
DRV:64bit: - [2008/11/11 12:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 12:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2008/09/09 19:19:36 | 000,025,888 | -H-- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\pcd5srvc_x64.pkms -- (PCD5SRVC{8AAF211B-043E02A9-05040000})
DRV:64bit: - [2008/04/16 13:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008/03/21 06:47:14 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/20 20:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 20:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/15 14:53:22 | 000,083,776 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2008/01/15 14:53:22 | 000,063,808 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2008/09/26 04:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox...aspx?tbid=80103
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox...aspx?tbid=80103
IE - HKLM\..\URLSearchHook: {d5f7c10d-2f86-4e99-90da-25f8b0400992} - C:\Program Files (x86)\Mapit_1\prxtbMapi.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-182613431-3493043901-942358964-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:
IE - HKU\S-1-5-21-182613431-3493043901-942358964-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKU\S-1-5-21-182613431-3493043901-942358964-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox...tb_id&%language
IE - HKU\S-1-5-21-182613431-3493043901-942358964-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-182613431-3493043901-942358964-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-182613431-3493043901-942358964-1000\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKU\S-1-5-21-182613431-3493043901-942358964-1000\..\URLSearchHook: {57dc49cc-5a9f-446c-bcf8-65c52b7060a6} - No CLSID value found
IE - HKU\S-1-5-21-182613431-3493043901-942358964-1000\..\URLSearchHook: {d5f7c10d-2f86-4e99-90da-25f8b0400992} - C:\Program Files (x86)\Mapit_1\prxtbMapi.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-182613431-3493043901-942358964-1000\..\URLSearchHook: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-182613431-3493043901-942358964-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ei.MyScrapNook_12.com/Plugin: C:\Program Files (x86)\MyScrapNook_12EI\Installr\1.bin\NP12EISB.dll (My Scrap Nook)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll (MyWebSearch.com)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Windows\Downloaded Program Files\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@VideoScavenger_1e.com/Plugin: C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\NP1eStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.21.93\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.21.93\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7971191D-184A-4DA2-9C65-AE9EE58F4846}: C:\Users\user\AppData\Local\{7971191D-184A-4DA2-9C65-AE9EE58F4846} [2010/12/02 10:09:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]_1e.com: C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin [2011/10/28 08:12:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\1.bin [2011/11/29 22:17:14 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: MyStart Search (Enabled)
CHR - default_search_provider: search_url = http://mystart.smile...s}&a=6PQgLYk7Wl
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\plugins\NPcol400.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\plugins\NPcol500.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
CHR - plugin: Google Update (Enabled) = C:\Users\user\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\Windows\Downloaded Program Files\npsoe.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Cork Board = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\omedpokkgakfifajbapagggilbcenaga\1.0_0\
CHR - Extension: Gmail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 15:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (PCCBHO.CPCCBHO) - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Program Files (x86)\Winferno\PC Confidential\PCCBHO.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll (Vertro)
O2 - BHO: (Toolbar BHO) - {c6549209-1ff1-4a5c-a815-981f64f34b19} - C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1ebar.dll (MindSpark)
O2 - BHO: (Search Assistant BHO) - {d047fe10-dfe2-45cf-9fbf-966b9e64920f} - C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1eSrcAs.dll (MindSpark)
O2 - BHO: (Mapit 1 Toolbar) - {d5f7c10d-2f86-4e99-90da-25f8b0400992} - C:\Program Files (x86)\Mapit_1\prxtbMapi.dll (Conduit Ltd.)
O2 - BHO: (SmileBox EN Toolbar) - {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll (Conduit Ltd.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Client\YontooIEClient.dll File not found
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (ALOT Appbar) - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\alothelper.dll (Vertro)
O3 - HKLM\..\Toolbar: (VideoScavenger) - {acf7da4c-eeb2-484a-a3a1-303d4054d50c} - C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1ebar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (Mapit 1 Toolbar) - {d5f7c10d-2f86-4e99-90da-25f8b0400992} - C:\Program Files (x86)\Mapit_1\prxtbMapi.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SmileBox EN Toolbar) - {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-182613431-3493043901-942358964-1000\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\S-1-5-21-182613431-3493043901-942358964-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-182613431-3493043901-942358964-1000\..\Toolbar\WebBrowser: (Mapit 1 Toolbar) - {D5F7C10D-2F86-4E99-90DA-25F8B0400992} - C:\Program Files (x86)\Mapit_1\prxtbMapi.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-182613431-3493043901-942358964-1000\..\Toolbar\WebBrowser: (SmileBox EN Toolbar) - {F897EB0E-A3A4-46C3-80EB-2729699D8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VideoScavenger Search Scope Monitor] C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1eSrchMn.exe (MindSpark)
O4 - HKLM..\Run: [VideoScavenger_1e Browser Plugin Loader] C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1ebrmon.exe (VER_COMPANY_NAME)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-182613431-3493043901-942358964-1000..\Run: [EPSON NX300 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEJA.EXE /FU "C:\Users\user\AppData\Local\Temp\E_S1534.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-182613431-3493043901-942358964-1000..\Run: [MyWebSearch Email Plugin] C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKU\S-1-5-21-182613431-3493043901-942358964-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKU\S-1-5-21-182613431-3493043901-942358964-1000..\RunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.21022; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"http://www.candystan...ay/dunk-a-thon" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra 'Tools' menuitem : PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files (x86)\Winferno\PC Confidential\PCConfidential.exe (Capital Intellect, Inc)
O9 - Extra Button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files (x86)\Winferno\PC Confidential\PCConfidential.exe (Capital Intellect, Inc)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-182613431-3493043901-942358964-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-182613431-3493043901-942358964-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-182613431-3493043901-942358964-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-182613431-3493043901-942358964-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.co...ebInstaller.cab (SOE Web Installer)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://my.ohiohealt...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 50.95.79.129 64.134.255.2 64.134.255.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A420C3F6-CB07-408C-9627-43C265900C61}: DhcpNameServer = 50.95.79.129 64.134.255.2 64.134.255.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A420C3F6-CB07-408C-9627-43C265900C61}: Domain = .
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Yosemite Valley.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Yosemite Valley.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1c8b3d26-44ae-11e0-968a-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{1c8b3d26-44ae-11e0-968a-00248c6d880b}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{2a7e5961-76bb-11e0-a9c7-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{2a7e5961-76bb-11e0-a9c7-00248c6d880b}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{31eb0f57-0bc7-11e0-9803-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{31eb0f57-0bc7-11e0-9803-00248c6d880b}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{332957c3-064d-11df-a993-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{332957c3-064d-11df-a993-00248c6d880b}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{47d9e1d8-c214-11df-bb72-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{47d9e1d8-c214-11df-bb72-00248c6d880b}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{47d9e1e0-c214-11df-bb72-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{47d9e1e0-c214-11df-bb72-00248c6d880b}\Shell\AutoRun\command - "" = K:\LaunchU3.exe
O33 - MountPoints2\{47e455bf-d511-11de-aebb-00248c6d880b}\Shell\AutoRun\command - "" = RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\msnmsngr.exe
O33 - MountPoints2\{47e455bf-d511-11de-aebb-00248c6d880b}\Shell\open\command - "" = RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\msnmsngr.exe
O33 - MountPoints2\{4d9d7da9-c4e0-11e0-b68f-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{4d9d7da9-c4e0-11e0-b68f-00248c6d880b}\Shell\AutoRun\command - "" = J:\IronKey.exe
O33 - MountPoints2\{5c190234-3718-11e0-8310-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{5c190234-3718-11e0-8310-00248c6d880b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{5c1903a4-3718-11e0-8310-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{5c1903a4-3718-11e0-8310-00248c6d880b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{6147d3b4-7371-11df-9a2e-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{6147d3b4-7371-11df-9a2e-00248c6d880b}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{91e263cb-016d-11df-95ff-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{91e263cb-016d-11df-95ff-00248c6d880b}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{91eb2b5e-5e10-11df-8be8-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{91eb2b5e-5e10-11df-8be8-00248c6d880b}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{97ecdc65-ad31-11e0-88c0-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{97ecdc65-ad31-11e0-88c0-00248c6d880b}\Shell\AutoRun\command - "" = J:\HWPcAssistant.exe
O33 - MountPoints2\{98cc6cb2-a0cc-11de-9e1b-00248c6d880b}\Shell\AutoRun\command - "" = J:\setupSNK.exe
O33 - MountPoints2\{9fef9329-cbc4-11de-b6d1-00248c6d880b}\Shell\AutoRun\command - "" = J:\setupSNK.exe
O33 - MountPoints2\{9fef932c-cbc4-11de-b6d1-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{9fef932c-cbc4-11de-b6d1-00248c6d880b}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{aa65b517-e84e-11e0-b18b-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{aa65b517-e84e-11e0-b18b-00248c6d880b}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{c5350318-a069-11df-8e8d-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{c5350318-a069-11df-8e8d-00248c6d880b}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{ce5bf588-4ba3-11e0-a30a-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{ce5bf588-4ba3-11e0-a30a-00248c6d880b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O33 - MountPoints2\{ce5bf974-4ba3-11e0-a30a-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{ce5bf974-4ba3-11e0-a30a-00248c6d880b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{f097bb37-1f29-11df-b280-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{f097bb37-1f29-11df-b280-00248c6d880b}\Shell\AutoRun\command - "" = K:\DTSP_Launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012/01/16 11:19:00 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\RK_Quarantine
[2012/01/15 18:15:33 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012/01/15 18:11:16 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Ticket
[2010/12/01 13:48:32 | 000,080,896 | ---- | C] (Progressive Networks) -- C:\Users\user\AppData\Local\-804613313.exe

========== Files - Modified Within 30 Days ==========

[2012/01/16 11:20:00 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/16 11:20:00 | 000,594,698 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/16 11:20:00 | 000,100,766 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/16 11:15:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/16 11:10:50 | 000,000,440 | -H-- | M] () -- C:\Windows\tasks\PCConfidential.job
[2012/01/16 11:10:43 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/16 11:10:43 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/16 11:10:39 | 000,000,034 | -H-- | M] () -- C:\Windows\SysWow64\bd2170w.dat
[2012/01/16 10:33:01 | 000,000,904 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-182613431-3493043901-942358964-1000UA.job
[2012/01/16 10:10:04 | 000,454,912 | ---- | M] () -- C:\ProgramData\FbrOmxdiOSr.exe
[2012/01/16 09:59:53 | 000,000,631 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/15 18:15:42 | 000,000,280 | -H-- | M] () -- C:\ProgramData\~N3GoMk2QnPKFmL
[2012/01/15 18:15:42 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~N3GoMk2QnPKFmLr
[2012/01/15 18:15:33 | 000,000,607 | ---- | M] () -- C:\Users\user\Desktop\System Check.lnk
[2012/01/15 18:15:31 | 000,000,344 | ---- | M] () -- C:\ProgramData\N3GoMk2QnPKFmL
[2012/01/15 18:15:18 | 000,365,320 | ---- | M] () -- C:\ProgramData\N3GoMk2QnPKFmL.exe
[2012/01/15 18:11:56 | 000,451,336 | ---- | M] () -- C:\ProgramData\TxWbdDFHVk.exe
[2012/01/15 18:09:33 | 000,000,264 | -H-- | M] () -- C:\Windows\tasks\RMSchedule.job
[2012/01/15 16:50:01 | 000,000,454 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for user.job
[2012/01/15 08:07:54 | 088,919,153 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2012/01/15 06:44:30 | 000,000,852 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-182613431-3493043901-942358964-1000Core.job
[2012/01/10 09:34:48 | 000,000,020 | ---- | M] () -- C:\Users\user\Documents\gpfax.adr
[2012/01/10 09:34:48 | 000,000,008 | ---- | M] () -- C:\Users\user\Documents\gpfax.idx
[2012/01/06 22:34:07 | 000,002,039 | ---- | M] () -- C:\Users\user\Desktop\Google Chrome.lnk
[2012/01/06 22:34:07 | 000,002,001 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/20 04:13:44 | 000,000,456 | -H-- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job

========== Files Created - No Company Name ==========

[2012/01/16 11:27:12 | 000,002,001 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/16 11:27:12 | 000,001,950 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Photo Gallery.lnk
[2012/01/16 11:27:12 | 000,001,938 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
[2012/01/16 11:27:12 | 000,001,852 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Collaboration.lnk
[2012/01/16 11:27:12 | 000,001,803 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/01/16 11:27:12 | 000,001,770 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Calendar.lnk
[2012/01/16 11:27:12 | 000,001,768 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker.lnk
[2012/01/16 11:27:12 | 000,001,757 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Defender.lnk
[2012/01/16 11:27:12 | 000,001,749 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Smilebox.lnk
[2012/01/16 11:27:12 | 000,001,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012/01/16 11:27:12 | 000,001,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Contacts.lnk
[2012/01/16 11:27:12 | 000,000,970 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/01/16 11:27:12 | 000,000,904 | ---- | C] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk
[2012/01/16 11:27:12 | 000,000,604 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live.lnk
[2012/01/16 11:27:12 | 000,000,258 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/01/16 11:27:12 | 000,000,240 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/01/16 11:27:12 | 000,000,104 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Default Programs - Shortcut.lnk
[2012/01/16 11:27:11 | 000,002,111 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken Financial Center.lnk
[2012/01/16 11:27:11 | 000,001,922 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PictureMover.lnk
[2012/01/16 11:27:11 | 000,001,060 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2012/01/16 11:27:11 | 000,000,182 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Internet Radio.url
[2012/01/16 11:27:10 | 000,002,533 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2012/01/16 11:27:10 | 000,001,630 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/01/16 11:27:09 | 000,002,475 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/01/16 11:27:09 | 000,002,113 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
[2012/01/16 10:09:42 | 000,454,912 | ---- | C] () -- C:\ProgramData\FbrOmxdiOSr.exe
[2012/01/16 09:59:53 | 000,000,631 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/15 18:15:42 | 000,000,280 | -H-- | C] () -- C:\ProgramData\~N3GoMk2QnPKFmL
[2012/01/15 18:15:42 | 000,000,176 | -H-- | C] () -- C:\ProgramData\~N3GoMk2QnPKFmLr
[2012/01/15 18:15:33 | 000,000,607 | ---- | C] () -- C:\Users\user\Desktop\System Check.lnk
[2012/01/15 18:15:31 | 000,000,344 | ---- | C] () -- C:\ProgramData\N3GoMk2QnPKFmL
[2012/01/15 18:15:16 | 000,365,320 | ---- | C] () -- C:\ProgramData\N3GoMk2QnPKFmL.exe
[2012/01/15 18:12:02 | 000,451,336 | ---- | C] () -- C:\ProgramData\TxWbdDFHVk.exe
[2012/01/10 09:34:48 | 000,000,020 | ---- | C] () -- C:\Users\user\Documents\gpfax.adr
[2012/01/10 09:34:48 | 000,000,008 | ---- | C] () -- C:\Users\user\Documents\gpfax.idx
[2011/04/01 19:40:33 | 000,004,096 | -H-- | C] () -- C:\Windows\d3dx.dat
[2011/01/31 14:26:42 | 000,024,226 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserTile.png
[2010/12/02 05:11:35 | 000,000,006 | ---- | C] () -- C:\Users\user\AppData\Roaming\start
[2010/12/01 14:33:58 | 000,000,006 | ---- | C] () -- C:\Users\user\AppData\Roaming\completescan
[2010/12/01 13:49:15 | 000,000,010 | ---- | C] () -- C:\Users\user\AppData\Roaming\install
[2010/12/01 13:48:35 | 000,000,177 | ---- | C] () -- C:\Users\user\AppData\Roaming\agtyjkj.bat
[2010/12/01 13:48:32 | 000,636,416 | ---- | C] () -- C:\Users\user\AppData\Local\-804613312.exe
[2010/09/17 21:25:34 | 000,000,016 | -H-- | C] () -- C:\Windows\popcinfo.dat
[2010/08/18 22:30:14 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/08/18 22:29:25 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010/08/18 22:29:03 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/08/18 22:28:52 | 000,045,568 | --S- | C] () -- C:\Users\user\AppData\Roaming\4D2BC7.exe
[2010/07/21 20:07:41 | 000,003,584 | -H-- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/23 06:00:09 | 000,000,924 | ---- | C] () -- C:\Users\user\AppData\Roaming\wklnhst.dat
[2009/07/21 15:31:52 | 000,000,426 | -H-- | C] () -- C:\Windows\BRWMARK.INI
[2009/07/21 15:31:52 | 000,000,034 | -H-- | C] () -- C:\Windows\SysWow64\bd2170w.dat
[2009/07/17 12:41:06 | 000,000,680 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2009/01/09 12:02:49 | 000,327,680 | -H-- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2009/01/09 12:02:49 | 000,102,400 | -H-- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2009/01/09 11:43:14 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 09:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:37:14 | 000,215,943 | -H-- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 06:24:17 | 000,000,741 | -H-- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 06:18:17 | 000,673,088 | -H-- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 03:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2011/07/01 07:17:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\.minecraft
[2011/09/30 08:25:04 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Canon
[2011/02/26 11:16:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Catalina Marketing Corp
[2011/01/31 14:33:46 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\EPSON
[2009/07/30 17:41:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Gamelab
[2011/02/14 06:15:21 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ICAClient
[2011/08/07 14:37:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\iWin
[2011/03/17 16:56:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Juniper Networks
[2011/04/02 16:10:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PC Speed Maximizer
[2011/01/31 14:26:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PeerNetworking
[2009/07/17 09:13:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PictureMover
[2009/07/30 13:20:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PlayFirst
[2011/06/02 20:04:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Registry Mechanic
[2011/04/02 16:10:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\RegistryKeys
[2012/01/11 06:12:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Smilebox
[2009/12/04 09:44:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Template
[2009/07/30 08:46:08 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WildTangent
[2012/01/16 11:10:50 | 000,000,440 | -H-- | M] () -- C:\Windows\Tasks\PCConfidential.job
[2011/12/20 04:13:44 | 000,000,456 | -H-- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012/01/15 18:09:33 | 000,000,264 | -H-- | M] () -- C:\Windows\Tasks\RMSchedule.job
[2012/01/16 11:14:18 | 000,032,620 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/10/29 00:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008/10/29 00:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/29 00:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/29 21:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 01:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 01:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008/10/27 20:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008/10/29 00:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/10/29 23:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008/10/27 20:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 20:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 20:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 20:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008/01/20 20:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2008/01/20 20:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008/01/20 20:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 20:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/20 20:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 20:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/20 20:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 01:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009/04/11 01:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 20:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 20:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = NETBT
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys
"Description" = This service implements NetBios over TCP/IP.
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
"Tag" = 87
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{A420C3F6-CB07-408C-9627-43C265900C61}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
"DhcpNameServerList" = 50.95.79.129 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 06 01 02 01 00 01 01 01 07 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 7
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/05 03:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/05 03:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/05 03:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/01/05 03:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2011/05/18 15:20:18 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2011/05/18 15:20:18 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2011/05/18 15:20:18 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/05/18 15:20:21 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/05/18 15:20:21 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/05/18 15:20:12 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/05/18 15:20:12 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/05/18 15:20:12 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/05/18 15:20:21 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/05/18 15:20:21 | 000,748,336 | ---- | M] (Microsoft Corporation)

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >
[2006/11/02 09:36:07 | 000,001,677 | ---- | M] () -- C:\Users\user\AppData\Local\Temp\smtmp\1\Default Programs.lnk
[2009/10/02 20:56:48 | 000,000,442 | -HS- | M] () -- C:\Users\user\AppData\Local\Temp\smtmp\1\desktop.ini
[2009/01/09 12:59:58 | 000,001,880 | ---- | M] () -- C:\Users\user\AppData\Local\Temp\smtmp\1\Juno Offer!.lnk
[2009/01/09 12:58:25 | 000,001,886 | ---- | M] () -- C:\Users\user\AppData\Local\Temp\smtmp\1\NetZero Offer!.lnk
[2009/07/17 09:07:57 | 000,001,440 | ---- | M] () -- C:\Users\user\AppData\Local\Temp\smtmp\1\Snapfish Photos - FREE - 1st 25 Prints.lnk
[2009/10/02 20:56:48 | 000,001,661 | ---- | M] () -- C:\Users\user\AppData\Local\Temp\smtmp\1\Windows Update.lnk

< %Temp%\smtmp\2\*.* >
[2011/07/07 23:09:22 | 000,000,104 | ---- | M] () -- C:\Users\user\AppData\Local\Temp\smtmp\2\Default Programs - Shortcut.lnk
[2011/05/18 15:26:00 | 000,000,286 | -HS- | M] () -- C:\Users\user\AppData\Local\Temp\smtmp\2\desktop.ini
[2012/01/06 22:34:07 | 000,002,001 | ---- | M] () -- C:\Users\user\AppData\Local\Temp\smtmp\2\Google Chrome.lnk
[2008/01/20 21:20:45 | 000,000,258 | ---- | M] () -- C:\Users\user\AppData\Local\Temp\smtmp\2\Shows Desktop.lnk
[2011/11/29 22:41:22 | 000,001,749 | ---- | M] () -- C:\Users\user\AppData\Local\Temp\smtmp\2\Smilebox.lnk
[2012/01/15 18:15:33 | 000,000,631 | ---- | M] () -- C:\Users\user\AppData\Local\Temp\smtmp\2\System Check.lnk
[2008/01/20 21:20:45 | 000,000,240 | ---- | M] () -- C:\Users\user\AppData\Local\Temp\smtmp\2\Window Switcher.lnk
[2009/10/25 14:41:33 | 000,000,970 | ---- | M] () -- C:\Users\user\AppData\Local\Temp\smtmp\2\Windows Media Player.lnk

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >
[2009/01/09 13:02:49 | 000,000,508 | -HS- | M] () -- C:\Users\user\AppData\Local\Temp\smtmp\4\desktop.ini
[2011/05/30 00:04:47 | 000,000,904 | ---- | M] () -- C:\Users\user\AppData\Local\Temp\smtmp\4\Registry Mechanic.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >

#5 s0nginmyheart (Topic Starter, Member, 147 posts)
OTL Extras logfile created on: 1/16/2012 11:33:17 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\user\Documents\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.81 Gb Available Physical Memory | 75.06% Memory free
7.68 Gb Paging File | 6.94 Gb Available in Paging File | 90.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.61 Gb Total Space | 348.60 Gb Free Space | 77.02% Space Free | Partition Type: NTFS
Drive D: | 13.15 Gb Total Space | 1.80 Gb Free Space | 13.69% Space Free | Partition Type: NTFS

Computer Name: BC2 | User Name: user | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-182613431-3493043901-942358964-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 6E 34 2F C2 FA 70 CB 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-182613431-3493043901-942358964-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{041536D1-9BF6-4579-9C2B-4CE169F874AA}" = lport=139 | protocol=6 | dir=in | app=system |
"{0BF6F53A-79FC-4ECC-A3F2-8E2C4E18E07A}" = rport=137 | protocol=17 | dir=out | app=system |
"{11F3B6AE-6BD7-475F-A87F-738BF2CE17BA}" = rport=139 | protocol=6 | dir=out | app=system |
"{194290BD-19E2-4C3C-9228-55275298F4C7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1F6497BB-83AA-4D94-81C6-1D7ED85F40B6}" = rport=138 | protocol=17 | dir=out | app=system |
"{4C34C6E8-CBE5-409A-9131-9EEFA25532B0}" = lport=445 | protocol=6 | dir=in | app=system |
"{4F66C4A6-B666-4672-B164-8B584246607E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5BC32583-BD5E-42B7-B888-CBD0260C0E64}" = lport=2869 | protocol=6 | dir=in | app=system |
"{60AA7ACD-EAF3-476B-ABF8-35DA55CB1907}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{66136869-6DCA-4107-A9D1-AD91711E64C0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6A491675-F693-41EF-9926-7F5551E897F1}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{84243DE3-F483-4515-9126-3A84206147F9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{89E6378E-4391-4766-81B1-B6F3D181296A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8D5E5BA9-312D-4C7C-9B62-053C47ABE691}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9517AA92-3AFA-4CE9-B61A-565CF529F94B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A1DFF887-9ED1-47CD-A7F3-2C85FC6BF933}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A7FBC099-8B04-4B46-BA7D-4F08E0ED4343}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CB492209-D0E5-408E-8EAD-B9023903DA9A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{DA514D1C-D4E1-4114-979C-021B5E3D8765}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EE7CF40A-AF18-4078-9959-E5C79A815865}" = lport=445 | protocol=6 | dir=in | app=system |
"{EF4B71CB-1BE9-4DF9-9BF1-9F7EC3F81E5B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EFB9CB61-A02C-4EAB-A16D-ADA08919838F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F0C4B47D-C939-4EA7-9C95-30A165C1AD2C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F1633E2A-257D-4767-A9C3-7E12EC74BBAF}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F4EA5CEA-4AFA-44DF-A947-6D6EB76D626D}" = lport=138 | protocol=17 | dir=in | app=system |
"{F698E335-5DCB-450F-8E39-53AAC07A3C8A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{FBBD5FA5-F00C-4975-BDE8-9F47E7FA0EB9}" = rport=445 | protocol=6 | dir=out | app=system |
"{FF6F390C-1F1A-42D1-AE13-C5C6B74208F2}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04C64A80-E146-4171-8172-CDF1430B4EB1}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{05B6D08D-2DEC-4354-802F-F6FAA990196B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{0CCBCDE0-03D1-414B-89E1-7B94EE608F9B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{0D1B2712-B942-498B-BF3F-ECFB1A21B04C}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{133DB2FF-A368-4EB5-A534-0AF585E16689}" = protocol=1 | dir=out | [email protected],-28544 |
"{14AD1E30-46C4-4B63-9ED9-9F019E8CC20F}" = protocol=58 | dir=out | [email protected],-28546 |
"{1A0C713E-0869-412E-88AA-130A7FA636CA}" = protocol=6 | dir=out | app=system |
"{1AA06818-CC7A-4B85-AF7A-2079052044B9}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{203F8343-DF34-4313-8E22-57A474DC44A9}" = protocol=17 | dir=in | app=c:\program files (x86)\softwaretime\computertime\bin\ctadmin.exe |
"{20A8A5B0-233D-41A6-B8C1-4DEA959225AD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{2DED1F8A-2F70-46A9-B361-CDCC0C374B06}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2E57177B-6A6D-4642-BDDE-7624BA7CFA8B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{38B681D7-7AB8-4DB6-B05D-43D764163C42}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{3BEE04F6-DD04-4E59-A7C2-39E0EFEBB88A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{3D54E4F7-446C-4D0B-8C77-5F8BB12F4D4C}" = dir=in | app=c:\program files (x86)\avg\avg8\avgupd.exe |
"{409C7DA1-08D1-4096-BF51-023EDE6A6621}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{44B6CE1A-2CA7-4513-9599-5265EFE24CBB}" = dir=in | app=c:\program files (x86)\avg\avg8\avgemc.exe |
"{53A97543-0946-4BBE-A70E-862516FA13C6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{561DB90B-60B2-484E-A927-673D218C02BA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{58EB074D-F177-4D91-AE4D-CD3452D338C7}" = protocol=6 | dir=in | app=c:\program files (x86)\softwaretime\computertime\bin\stdownload.exe |
"{59E36DFA-4BEF-45EF-A8F8-7D315D2C9218}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{5BAAC93C-CD20-456F-879F-2FD7F6D36C28}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5FE27D49-2573-4513-AD22-AED9A62313D3}" = dir=in | app=c:\program files (x86)\avg\avg8\avgnsa.exe |
"{70A055C3-FD53-4128-A1F9-3D5B8491A202}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{75919DAC-8BA3-4952-88FA-CDE118E57E11}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7829FC29-C8B4-40B3-B46B-F4F543A4BA95}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{81A64789-9521-4535-9089-A4DEB62ABD13}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{88CB240D-33E4-4A9B-99F0-58CBA0E8B9A7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8A50804D-2C0C-43ED-B968-1AEAD1C44674}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8D68DE04-E1A1-4EAD-A869-0195AAA04DED}" = protocol=17 | dir=in | app=c:\program files (x86)\softwaretime\computertime\bin\ctmn32.exe |
"{9190B4F9-FF58-4F92-9BBA-0EB38CF2812D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{992A206A-59FC-41BF-A01A-F82D0B910224}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9F37985E-D66C-4D21-9005-ED102C5DFDD3}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{A00A10C6-E448-4C23-9CEC-8E5957954428}" = protocol=1 | dir=in | [email protected],-28543 |
"{ABB533DD-375A-46A9-827A-7CD4024C74A2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{ADFC9362-1627-4B18-8932-C1BF05DD525A}" = protocol=6 | dir=in | app=c:\program files (x86)\softwaretime\computertime\bin\ctmn32.exe |
"{B36B3258-48B8-40CE-B9C2-820809AF6C17}" = protocol=17 | dir=in | app=c:\program files (x86)\softwaretime\computertime\bin\stdownload.exe |
"{B55AE755-988B-4604-9F49-A603131D82C7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C56DB9E9-9203-4E16-992B-2E7F931A29E4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D2BEFE86-CA92-438E-B443-B9E91AB202E5}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{E0770782-BCCD-482E-BD96-C7A2D54171E3}" = protocol=6 | dir=in | app=c:\program files (x86)\softwaretime\computertime\bin\fbserver.exe |
"{E097D987-75AF-44B4-BB41-43558317E6E9}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E7F8444E-AF84-4F22-BFC6-703023631A6C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EADEC20E-E7B6-4674-BFBF-6A2FF36AFD4B}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{EC5E670D-D948-43C0-96E0-36870EF71CEB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ED94B4F3-DD51-479C-951B-7A72288589EF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EE39534F-9200-4D35-8449-9DBA0509A477}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{EE3E4C6A-1108-4AE4-9B68-A3FA44496BC7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F00B60A5-3BBE-48E9-BA57-9B1BC4E3BA91}" = protocol=6 | dir=in | app=c:\program files (x86)\softwaretime\computertime\bin\ctadmin.exe |
"{F3B23384-FC66-4BD1-8A61-055801B1D6CF}" = protocol=17 | dir=in | app=c:\program files (x86)\softwaretime\computertime\bin\fbserver.exe |
"{F568ED3A-D9E3-4B5E-B9DF-6640FD76109D}" = protocol=58 | dir=in | [email protected],-28545 |
"{F778A1C1-4DBC-4D34-80AD-A5C6D3A12586}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FA133608-6A01-408D-A65C-E0B3A5643E4F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{FBB3A78B-9FA5-4DC8-9982-F06E29FD582F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{0242B55B-B3F9-4766-8C25-FA4A3913CD1E}C:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe |
"TCP Query User{879A3866-A8EA-46DD-BB44-796BF6D89B16}J:\urbanterror mac\iourbanterror.exe" = protocol=6 | dir=in | app=j:\urbanterror mac\iourbanterror.exe |
"TCP Query User{AA375F86-4F73-46D1-98D5-3C6CE0E22545}C:2\urbanterror mac\iourbanterror.exe" = protocol=6 | dir=in | app=c:2\urbanterror mac\iourbanterror.exe |
"TCP Query User{EFD15ECC-6251-4131-9F26-96BD4E92FFE6}C:2\urbanterror mac\iourtded.exe" = protocol=6 | dir=in | app=c:2\urbanterror mac\iourtded.exe |
"UDP Query User{31575DB6-B9F2-430A-BC7D-EC2A834B5A62}C:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe |
"UDP Query User{37CB842F-E3C8-437D-A86C-B01E99D3E038}C:2\urbanterror mac\iourbanterror.exe" = protocol=17 | dir=in | app=c:2\urbanterror mac\iourbanterror.exe |
"UDP Query User{E8E915A6-86CF-484D-B3BC-E19FACDED61C}J:\urbanterror mac\iourbanterror.exe" = protocol=17 | dir=in | app=j:\urbanterror mac\iourbanterror.exe |
"UDP Query User{F524E026-3CAE-4985-9C8C-4396F603B2CE}C:2\urbanterror mac\iourtded.exe" = protocol=17 | dir=in | app=c:2\urbanterror mac\iourtded.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client 1.10.01
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{99A5569D-9F86-4f32-A227-1538B731DA42}" = Canon MF4320-4350
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}" = HP MediaSmart SmartMenu
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"Agere Systems Soft Modem" = Agere Systems PCI-SV92EX Soft Modem
"EPSON NX300 Series" = EPSON NX300 Series Printer Uninstall
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor for Windows" = Hardware Diagnostic Tools

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix online plug-in (Web)
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 24
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{3ECCB578-504E-4F7A-A8B4-CF4F3B939B44}" = Citrix online plug-in (USB)
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5BD0CB24-11AF-4BA8-A198-38D25257C656}" = LightScribe Template Labeler
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{64B9E2F5-558E-4C56-B419-A1679518F6E7}" = HP Customer Experience Enhancements
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf09
"{678094A1-6250-476B-9AFF-4376E48F135C}" = Citrix online plug-in (DV)
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A2016015-8323-4AF8-8B3E-F56239D7D59D}" = HP Demo
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB706270-54EA-4E48-9FFB-0B95FA04DBE6}" = bodybugg Software
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{DA9DAC64-C947-47BA-B411-8A1959B177CF}" = LightScribe System Software 1.14.25.1
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FA365307-1963-4D16-BD44-113C8F037AAD}" = Citrix online plug-in (HDX)
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"alotAppbar" = ALOT Appbar
"am-nannymania2" = Nanny Mania 2
"am-sallysspa" = Sally's Spa
"AVG8Uninstall" = AVG Free 8.5
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"EPSON Scanner" = EPSON Scan
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{CB706270-54EA-4E48-9FFB-0B95FA04DBE6}" = bodybugg Software
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Mapit_1 Toolbar" = Mapit 1 Toolbar
"MyWebSearch bar Uninstall" = My Web Search (My Fun Cards)
"NSS" = Norton Security Scan
"PC Speed Maximizer_is1" = PC Speed Maximizer v2.2
"PCConfidential_is1" = PC Confidential 2008
"Registry Mechanic_is1" = Registry Mechanic 10.0
"SmileBox_EN Toolbar" = SmileBox EN Toolbar
"VideoScavenger_1ebar Uninstall" = VideoScavenger
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"Zylom Games Player Plugin" = Zylom Games Player Plugin

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-182613431-3493043901-942358964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker
"Smilebox" = Smilebox
"SOE-Free Realms" = Free Realms

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/5/2011 11:30:17 AM | Computer Name = bc2 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12/5/2011 11:30:17 AM | Computer Name = bc2 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12/5/2011 11:30:19 AM | Computer Name = bc2 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12/8/2011 8:47:58 PM | Computer Name = bc2 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16421, time stamp
0x4d76255d, faulting module IEFRAME.dll, version 9.0.8112.16437, time stamp 0x4e5eeecc,
exception code 0xc0000005, fault offset 0x00223ffe, process id 0x138c, application
start time 0x01ccb60c30975a70.

Error - 12/8/2011 8:48:30 PM | Computer Name = bc2 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16421, time stamp
0x4d76255d, faulting module IEFRAME.dll, version 9.0.8112.16437, time stamp 0x4e5eeecc,
exception code 0xc0000005, fault offset 0x00106135, process id 0x1944, application
start time 0x01ccb60c43cd42d0.

Error - 12/10/2011 1:16:38 PM | Computer Name = bc2 | Source = Windows Search Service | ID = 3013
Description =

Error - 12/12/2011 11:29:06 AM | Computer Name = bc2 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12/12/2011 11:29:57 AM | Computer Name = bc2 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12/12/2011 11:29:57 AM | Computer Name = bc2 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12/12/2011 11:29:58 AM | Computer Name = bc2 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ Media Center Events ]
Error - 4/6/2011 7:32:47 PM | Computer Name = bc2 | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.WaitForUploadComplete failed. Please
try to ping www.msn.com prior to filing a bug.; Win32 GetLastError returned 10000109
Process: DefaultDomain Object Name: Media Center Guide

Error - 4/7/2011 3:01:44 PM | Computer Name = bc2 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 1/16/2012 1:11:59 PM | Computer Name = bc2 | Source = Service Control Manager | ID = 7026
Description =

Error - 1/16/2012 1:14:02 PM | Computer Name = bc2 | Source = WMPNetworkSvc | ID = 866314
Description =

Error - 1/16/2012 1:14:03 PM | Computer Name = bc2 | Source = WMPNetworkSvc | ID = 866314
Description =

Error - 1/16/2012 1:15:52 PM | Computer Name = bc2 | Source = DCOM | ID = 10005
Description =

Error - 1/16/2012 1:15:58 PM | Computer Name = bc2 | Source = DCOM | ID = 10005
Description =

Error - 1/16/2012 1:15:59 PM | Computer Name = bc2 | Source = DCOM | ID = 10005
Description =

Error - 1/16/2012 1:16:02 PM | Computer Name = bc2 | Source = DCOM | ID = 10005
Description =

Error - 1/16/2012 1:16:03 PM | Computer Name = bc2 | Source = DCOM | ID = 10005
Description =

Error - 1/16/2012 1:17:06 PM | Computer Name = bc2 | Source = Service Control Manager | ID = 7001
Description =

Error - 1/16/2012 1:17:06 PM | Computer Name = bc2 | Source = Service Control Manager | ID = 7026
Description =


< End of report >

#6 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi again :wave:

Lots and lots to clear from this one

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - [2011/11/29 22:17:07 | 000,034,320 | ---- | M] (MyWebSearch.com) [Auto | Stopped] -- C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
    IE - HKU\S-1-5-21-182613431-3493043901-942358964-1000\..\URLSearchHook: {57dc49cc-5a9f-446c-bcf8-65c52b7060a6} - No CLSID value found
    IE - HKU\S-1-5-21-182613431-3493043901-942358964-1000\..\URLSearchHook: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll (Conduit Ltd.)
    FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll (MyWebSearch.com)
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\1.bin [2011/11/29 22:17:14 | 000,000,000 | ---D | M]
    CHR - default_search_provider: MyStart Search (Enabled)
    CHR - default_search_provider: search_url = http://mystart.smile...s}&a=6PQgLYk7Wl
    CHR - default_search_provider: suggest_url =
    O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
    O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
    O2 - BHO: (PCCBHO.CPCCBHO) - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Program Files (x86)\Winferno\PC Confidential\PCCBHO.dll File not found
    O2 - BHO: (SmileBox EN Toolbar) - {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
    O3 - HKU\S-1-5-21-182613431-3493043901-942358964-1000\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
    O3 - HKU\S-1-5-21-182613431-3493043901-942358964-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKU\S-1-5-21-182613431-3493043901-942358964-1000\..\Toolbar\WebBrowser: (Mapit 1 Toolbar) - {D5F7C10D-2F86-4E99-90DA-25F8B0400992} - C:\Program Files (x86)\Mapit_1\prxtbMapi.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-182613431-3493043901-942358964-1000\..\Toolbar\WebBrowser: (SmileBox EN Toolbar) - {F897EB0E-A3A4-46C3-80EB-2729699D8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
    O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
    O4 - HKU\S-1-5-21-182613431-3493043901-942358964-1000..\Run: [MyWebSearch Email Plugin] C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
    O9 - Extra 'Tools' menuitem : PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files (x86)\Winferno\PC Confidential\PCConfidential.exe (Capital Intellect, Inc)
    O9 - Extra Button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files (x86)\Winferno\PC Confidential\PCConfidential.exe (Capital Intellect, Inc)
    O33 - MountPoints2\{47e455bf-d511-11de-aebb-00248c6d880b}\Shell\AutoRun\command - "" = RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\msnmsngr.exe
    O33 - MountPoints2\{47e455bf-d511-11de-aebb-00248c6d880b}\Shell\open\command - "" = RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\msnmsngr.exe
    [2010/12/01 13:48:32 | 000,080,896 | ---- | C] (Progressive Networks) -- C:\Users\user\AppData\Local\-804613313.exe
    [2012/01/16 11:10:39 | 000,000,034 | -H-- | M] () -- C:\Windows\SysWow64\bd2170w.dat
    [2012/01/16 10:10:04 | 000,454,912 | ---- | M] () -- C:\ProgramData\FbrOmxdiOSr.exe
    [2012/01/16 09:59:53 | 000,000,631 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2012/01/15 18:15:42 | 000,000,280 | -H-- | M] () -- C:\ProgramData\~N3GoMk2QnPKFmL
    [2012/01/15 18:15:42 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~N3GoMk2QnPKFmLr
    [2012/01/15 18:15:33 | 000,000,607 | ---- | M] () -- C:\Users\user\Desktop\System Check.lnk
    [2012/01/15 18:15:31 | 000,000,344 | ---- | M] () -- C:\ProgramData\N3GoMk2QnPKFmL
    [2012/01/15 18:15:18 | 000,365,320 | ---- | M] () -- C:\ProgramData\N3GoMk2QnPKFmL.exe
    [2012/01/15 18:11:56 | 000,451,336 | ---- | M] () -- C:\ProgramData\TxWbdDFHVk.exe
    [2012/01/16 10:09:42 | 000,454,912 | ---- | C] () -- C:\ProgramData\FbrOmxdiOSr.exe
    [2012/01/16 09:59:53 | 000,000,631 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2012/01/15 18:15:42 | 000,000,280 | -H-- | C] () -- C:\ProgramData\~N3GoMk2QnPKFmL
    [2012/01/15 18:15:42 | 000,000,176 | -H-- | C] () -- C:\ProgramData\~N3GoMk2QnPKFmLr
    [2012/01/15 18:15:33 | 000,000,607 | ---- | C] () -- C:\Users\user\Desktop\System Check.lnk
    [2012/01/15 18:15:31 | 000,000,344 | ---- | C] () -- C:\ProgramData\N3GoMk2QnPKFmL
    [2012/01/15 18:15:16 | 000,365,320 | ---- | C] () -- C:\ProgramData\N3GoMk2QnPKFmL.exe
    [2012/01/15 18:12:02 | 000,451,336 | ---- | C] () -- C:\ProgramData\TxWbdDFHVk.exe
    [2010/12/01 14:33:58 | 000,000,006 | ---- | C] () -- C:\Users\user\AppData\Roaming\completescan
    [2010/12/01 13:49:15 | 000,000,010 | ---- | C] () -- C:\Users\user\AppData\Roaming\install
    [2010/12/01 13:48:35 | 000,000,177 | ---- | C] () -- C:\Users\user\AppData\Roaming\agtyjkj.bat
    [2010/12/01 13:48:32 | 000,636,416 | ---- | C] () -- C:\Users\user\AppData\Local\-804613312.exe

    :Files
    ipconfig /flushdns /c
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    C:\Program Files (x86)\MyWebSearch
    C:\Program Files (x86)\Winferno
    C:\Program Files (x86)\SmileBox_EN\

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Create a Windows 7 System Repair Disc

Note: the below can only be done if your machine has a type of CD-R or DVD-R optical drive installed. Also, depending on the exact type of OEM your machine has, you may be unable to actually create an SRD.

  • Click on Start (Windows 7 Orb) >> Run... (or the Windows key and R together) to bring up the Run box, then copy/paste the following command into the box and click on OK:

    recdisc.exe

  • Allow the UAC(User Account Control) prompt via selecting Yes.
  • You should now see a menu like the below:-

  • Put a blank rewritable CD/DVD in your optical(CD/DVD) drive and then click on Create disc.
  • Note: If an AutoPlay window pops up, just close it.
  • When the SRD has been created you will see the below:-

  • Now click on Close >> OK. Keep this handy as we may need it.

FINALLY

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click aswMBR.exe to run it, then click the "Scan" button to start the scan.


On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

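The fix above is a hand-written judgement on OTL lines: registrations whose file or CLSID is gone, MountPoints2 autorun handlers, toolbars from the usual vendors, unsigned executables with generated-looking names under ProgramData or AppData, and a Chrome search provider pointed at mystart. The script below is an added example, not part of this thread and not OTL's or the moderator's code; it applies those same checks to raw OTL lines so the long log in the next reply can be read the same way. Its vendor denylist, its list of acceptable search hosts and its name-entropy thresholds are assumptions tuned to the entries visible here, and the sample lines are copied from the fix script plus one clean AVG entry from the log that follows.

```python
"""Triage OTL (OldTimer's List-It) log lines the way the fix above was written.

Added example for this thread, not part of the original posts and not OTL's
own code. The vendor denylist, search-host allowlist and name thresholds are
assumptions tuned to the entries visible in the thread; a hit is something
to inspect, not proof of infection.
"""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Toolbar/BHO vendors seen in this thread (constructed denylist; extend it).
PUP_VENDORS = {"MyWebSearch.com", "Conduit Ltd.", "MindSpark", "Vertro",
               "Capital Intellect, Inc", "My Scrap Nook"}
# Hosts accepted as a legitimate Chrome default_search_provider (assumption).
KNOWN_SEARCH_HOSTS = ("google.", "bing.com", "yahoo.com", "duckduckgo.com")
CODE_EXT = {".exe", ".dll", ".bat", ".sys", ".dat", ".scr"}
DATA_DIR_RE = re.compile(r"\\(ProgramData|Users\\[^\\]+\\(AppData|Application Data))\\", re.I)
PATH_RE = re.compile(r"([A-Za-z]:\\.*?\.(?:exe|dll|bat|sys|dat|scr|lnk))(?=\s|$)", re.I)


@dataclass(frozen=True)
class Finding:
    category: str  # orphan | autorun | pup | unsigned-in-datadir | random-name | search-hijack
    detail: str
    line: str


def _company(line):
    """Company OTL prints in parentheses: '' for '()' (PE has no company
    name), None when the line carries no company field at all."""
    if line.startswith(("SRV", "DRV", "PRC", "MOD", "[")):
        m = re.search(r"\]\s*\(([^()]*)\)", line)  # right after [date | size | attr | C/M]
    else:
        m = re.search(r"\(([^()]*)\)\s*$", line)    # O2/O3/O4/O9 entries put it last
    return m.group(1).strip() if m else None


def _looks_random(stem):
    """All-digit stems (-804613313) or long alphanumeric stems with many
    capitals and few vowels (TxWbdDFHVk, N3GoMk2QnPKFmL). Heuristic only."""
    if re.fullmatch(r"-?\d{6,}", stem):
        return True
    letters = [c for c in stem if c.isalpha()]
    if len(stem) < 10 or not stem.isalnum() or not letters:
        return False
    upper = sum(c.isupper() for c in letters) / len(letters)
    vowels = sum(c.lower() in "aeiou" for c in letters) / len(letters)
    return upper >= 0.3 and vowels <= 0.3


def triage_line(raw):
    """Findings for one OTL line; empty list when nothing stands out."""
    line, out = raw.strip(), []
    if not line:
        return out
    # 1. Registry still points at a file or COM class that is gone.
    if line.endswith(("File not found", "No CLSID value found", "No CLSID value found.")):
        out.append(Finding("orphan", "registration points at a missing file or CLSID", line))
    # 2. MountPoints2 shell commands run a program when the volume is opened.
    if "MountPoints2" in line and "\\Shell\\" in line and "command" in line:
        target = line.split("=", 1)[-1].strip().strip('"').strip()
        if target:
            out.append(Finding("autorun", f"removable-media shell command runs {target}", line))
    # 3. Known adware/toolbar vendor in the company field.
    company = _company(line)
    if company in PUP_VENDORS:
        out.append(Finding("pup", f"component from {company}", line))
    # 4/5. Code living under ProgramData or a user profile's AppData.
    m = PATH_RE.search(line)
    if m and DATA_DIR_RE.search(m.group(1)):
        p = PureWindowsPath(m.group(1))
        if p.suffix.lower() in CODE_EXT:
            if company == "":
                out.append(Finding("unsigned-in-datadir", f"{p.name} carries no company name", line))
            if _looks_random(p.stem):
                out.append(Finding("random-name", f"{p.name} looks generated", line))
    # 6. Chrome default search pointed somewhere other than a known engine.
    if line.startswith("CHR - default_search_provider: search_url"):
        url = line.split("=", 1)[1].strip()
        if url and not any(h in url for h in KNOWN_SEARCH_HOSTS):
            out.append(Finding("search-hijack", f"Chrome default search is {url}", line))
    return out


def triage(lines):
    return [f for l in lines for f in triage_line(l)]


def summarize(lines):
    """Category -> number of findings, for a first look at a long log."""
    counts = {}
    for f in triage(lines):
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


# Constructed sample: lines from the fix script above plus one benign AVG entry.
SAMPLE_LINES = [
    r"SRV - [2011/11/29 22:17:07 | 000,034,320 | ---- | M] (MyWebSearch.com) [Auto | Stopped] -- C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)",
    r"O2 - BHO: (PCCBHO.CPCCBHO) - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Program Files (x86)\Winferno\PC Confidential\PCCBHO.dll File not found",
    r"O3 - HKU\S-1-5-21-182613431-3493043901-942358964-1000\..\Toolbar\WebBrowser: (Mapit 1 Toolbar) - {D5F7C10D-2F86-4E99-90DA-25F8B0400992} - C:\Program Files (x86)\Mapit_1\prxtbMapi.dll (Conduit Ltd.)",
    r'O33 - MountPoints2\{47e455bf-d511-11de-aebb-00248c6d880b}\Shell\AutoRun\command - "" = RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\msnmsngr.exe',
    r"[2012/01/15 18:11:56 | 000,451,336 | ---- | M] () -- C:\ProgramData\TxWbdDFHVk.exe",
    r"[2010/12/01 13:48:32 | 000,080,896 | ---- | C] (Progressive Networks) -- C:\Users\user\AppData\Local\-804613313.exe",
    r"CHR - default_search_provider: search_url = http://mystart.smile...s}&a=6PQgLYk7Wl",
    r"O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.category:20} {f.detail}")
    print(summarize(SAMPLE_LINES))
```

Run it as-is to see the sample findings, or feed it a pasted log with `triage(open("OTL.txt", encoding="utf-8", errors="replace"))`. The AVG entry shows that a vendor-named executable under Program Files passes cleanly, but the "no company name in a data directory" rule will also fire on legitimate unsigned libraries (Chrome's own DLLs sit in the "No Company Name" section of the log below), so read the path before acting on a hit.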

#7 s0nginmyheart (Topic Starter, Member, 147 posts)
OTL logfile created on: 1/16/2012 4:15:06 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\user\Documents\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 55.86% Memory free
7.68 Gb Paging File | 5.83 Gb Available in Paging File | 75.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.61 Gb Total Space | 348.38 Gb Free Space | 76.97% Space Free | Partition Type: NTFS
Drive D: | 13.15 Gb Total Space | 1.80 Gb Free Space | 13.69% Space Free | Partition Type: NTFS

Computer Name: BC2 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/16 11:32:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\user\Documents\Downloads\OTL.exe
PRC - [2012/01/05 06:28:25 | 000,180,376 | ---- | M] (Google Inc.) -- C:\Users\user\AppData\Local\Google\Update\1.3.21.93\GoogleCrashHandler.exe
PRC - [2011/10/28 08:12:42 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1ebarsvc.exe
PRC - [2011/10/28 08:12:42 | 000,030,096 | ---- | M] (VER_COMPANY_NAME) -- C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1ebrmon.exe
PRC - [2011/10/17 08:38:22 | 002,042,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgtray.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/10/12 17:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/10/12 17:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2009/08/19 08:35:39 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/19 08:35:28 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe
PRC - [2009/08/19 08:35:24 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe
PRC - [2008/10/17 18:57:18 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/10/17 18:56:54 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/09/26 04:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2007/04/18 09:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/05 03:48:44 | 000,411,120 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\16.0.912.75\ppgooglenaclpluginchrome.dll
MOD - [2012/01/05 03:48:43 | 003,767,792 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
MOD - [2012/01/05 03:47:19 | 000,122,880 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\16.0.912.75\avutil-51.dll
MOD - [2012/01/05 03:47:18 | 000,222,208 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\16.0.912.75\avformat-53.dll
MOD - [2012/01/05 03:47:17 | 001,746,432 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\16.0.912.75\avcodec-53.dll
MOD - [2012/01/05 01:06:01 | 008,593,056 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
MOD - [2008/10/17 18:57:20 | 000,881,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/08/26 09:02:20 | 000,016,896 | -H-- | M] (Agere Systems) [Disabled | Stopped] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/10/28 08:12:42 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1ebarsvc.exe -- (VideoScavenger_1eService)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/08/05 07:46:02 | 000,583,640 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2009/08/19 08:35:28 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/08/19 08:35:24 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/07/14 12:51:56 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2009/08/19 08:35:41 | 000,033,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2009/08/19 08:35:39 | 000,427,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2009/07/16 23:30:01 | 000,133,640 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2008/11/11 12:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 12:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64gps.sys -- (UsbGps)
DRV:64bit: - [2008/11/11 12:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 12:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2008/09/09 19:19:36 | 000,025,888 | -H-- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\pcd5srvc_x64.pkms -- (PCD5SRVC{8AAF211B-043E02A9-05040000})
DRV:64bit: - [2008/04/16 13:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008/03/21 06:47:14 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/20 20:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 20:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/15 14:53:22 | 000,083,776 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2008/01/15 14:53:22 | 000,063,808 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2008/09/26 04:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox...aspx?tbid=80103
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox...aspx?tbid=80103
IE - HKLM\..\URLSearchHook: {d5f7c10d-2f86-4e99-90da-25f8b0400992} - No CLSID value found
IE - HKLM\..\URLSearchHook: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - No CLSID value found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox...tb_id&%language
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\InprocServer32 File not found
IE - HKCU\..\URLSearchHook: {d5f7c10d-2f86-4e99-90da-25f8b0400992} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ei.MyScrapNook_12.com/Plugin: C:\Program Files (x86)\MyScrapNook_12EI\Installr\1.bin\NP12EISB.dll (My Scrap Nook)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Windows\Downloaded Program Files\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@VideoScavenger_1e.com/Plugin: C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\NP1eStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.21.93\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.21.93\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7971191D-184A-4DA2-9C65-AE9EE58F4846}: C:\Users\user\AppData\Local\{7971191D-184A-4DA2-9C65-AE9EE58F4846} [2010/12/02 10:09:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]_1e.com: C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin [2011/10/28 08:12:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MyWebSearch\bar\1.bin


========== Chrome ==========

CHR - default_search_provider: MyStart Search (Enabled)
CHR - default_search_provider: search_url = http://mystart.smile...s}&a=6PQgLYk7Wl
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\plugins\NPcol400.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\plugins\NPcol500.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
CHR - plugin: Google Update (Enabled) = C:\Users\user\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\Windows\Downloaded Program Files\npsoe.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Cork Board = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\omedpokkgakfifajbapagggilbcenaga\1.0_0\
CHR - Extension: Gmail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/01/16 16:02:28 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll (Vertro)
O2 - BHO: (Toolbar BHO) - {c6549209-1ff1-4a5c-a815-981f64f34b19} - C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1ebar.dll (MindSpark)
O2 - BHO: (Search Assistant BHO) - {d047fe10-dfe2-45cf-9fbf-966b9e64920f} - C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1eSrcAs.dll (MindSpark)
O2 - BHO: (no name) - {d5f7c10d-2f86-4e99-90da-25f8b0400992} - No CLSID value found.
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Client\YontooIEClient.dll File not found
O3 - HKLM\..\Toolbar: (ALOT Appbar) - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\alothelper.dll (Vertro)
O3 - HKLM\..\Toolbar: (VideoScavenger) - {acf7da4c-eeb2-484a-a3a1-303d4054d50c} - C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1ebar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (no name) - {d5f7c10d-2f86-4e99-90da-25f8b0400992} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {f897eb0e-a3a4-46c3-80eb-2729699d8892} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VideoScavenger Search Scope Monitor] C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1eSrchMn.exe (MindSpark)
O4 - HKLM..\Run: [VideoScavenger_1e Browser Plugin Loader] C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1ebrmon.exe (VER_COMPANY_NAME)
O4 - HKCU..\Run: [EPSON NX300 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEJA.EXE /FU "C:\Users\user\AppData\Local\Temp\E_S1534.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.21022; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"http://www.candystan...ay/dunk-a-thon" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.co...ebInstaller.cab (SOE Web Installer)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://my.ohiohealt...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A420C3F6-CB07-408C-9627-43C265900C61}: DhcpNameServer = 10.1.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A420C3F6-CB07-408C-9627-43C265900C61}: Domain = .
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Yosemite Valley.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Yosemite Valley.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1c8b3d26-44ae-11e0-968a-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{1c8b3d26-44ae-11e0-968a-00248c6d880b}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{2a7e5961-76bb-11e0-a9c7-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{2a7e5961-76bb-11e0-a9c7-00248c6d880b}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{31eb0f57-0bc7-11e0-9803-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{31eb0f57-0bc7-11e0-9803-00248c6d880b}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{332957c3-064d-11df-a993-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{332957c3-064d-11df-a993-00248c6d880b}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{47d9e1d8-c214-11df-bb72-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{47d9e1d8-c214-11df-bb72-00248c6d880b}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{47d9e1e0-c214-11df-bb72-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{47d9e1e0-c214-11df-bb72-00248c6d880b}\Shell\AutoRun\command - "" = K:\LaunchU3.exe
O33 - MountPoints2\{4d9d7da9-c4e0-11e0-b68f-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{4d9d7da9-c4e0-11e0-b68f-00248c6d880b}\Shell\AutoRun\command - "" = J:\IronKey.exe
O33 - MountPoints2\{5c190234-3718-11e0-8310-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{5c190234-3718-11e0-8310-00248c6d880b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{5c1903a4-3718-11e0-8310-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{5c1903a4-3718-11e0-8310-00248c6d880b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{6147d3b4-7371-11df-9a2e-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{6147d3b4-7371-11df-9a2e-00248c6d880b}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{91e263cb-016d-11df-95ff-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{91e263cb-016d-11df-95ff-00248c6d880b}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{91eb2b5e-5e10-11df-8be8-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{91eb2b5e-5e10-11df-8be8-00248c6d880b}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{97ecdc65-ad31-11e0-88c0-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{97ecdc65-ad31-11e0-88c0-00248c6d880b}\Shell\AutoRun\command - "" = J:\HWPcAssistant.exe
O33 - MountPoints2\{98cc6cb2-a0cc-11de-9e1b-00248c6d880b}\Shell\AutoRun\command - "" = J:\setupSNK.exe
O33 - MountPoints2\{9fef9329-cbc4-11de-b6d1-00248c6d880b}\Shell\AutoRun\command - "" = J:\setupSNK.exe
O33 - MountPoints2\{9fef932c-cbc4-11de-b6d1-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{9fef932c-cbc4-11de-b6d1-00248c6d880b}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{aa65b517-e84e-11e0-b18b-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{aa65b517-e84e-11e0-b18b-00248c6d880b}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{c5350318-a069-11df-8e8d-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{c5350318-a069-11df-8e8d-00248c6d880b}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{ce5bf588-4ba3-11e0-a30a-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{ce5bf588-4ba3-11e0-a30a-00248c6d880b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O33 - MountPoints2\{ce5bf974-4ba3-11e0-a30a-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{ce5bf974-4ba3-11e0-a30a-00248c6d880b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{f097bb37-1f29-11df-b280-00248c6d880b}\Shell - "" = AutoRun
O33 - MountPoints2\{f097bb37-1f29-11df-b280-00248c6d880b}\Shell\AutoRun\command - "" = K:\DTSP_Launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/16 16:01:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/16 11:19:00 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\RK_Quarantine
[2012/01/15 18:15:33 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012/01/15 18:11:16 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Ticket

========== Files - Modified Within 30 Days ==========

[2012/01/16 16:17:34 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/16 16:17:34 | 000,595,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/16 16:17:34 | 000,101,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/16 16:11:15 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/16 16:11:15 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/16 16:11:14 | 000,000,440 | -H-- | M] () -- C:\Windows\tasks\PCConfidential.job
[2012/01/16 16:11:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/16 10:33:01 | 000,000,904 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-182613431-3493043901-942358964-1000UA.job
[2012/01/15 18:15:33 | 000,000,631 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/15 18:09:33 | 000,000,264 | -H-- | M] () -- C:\Windows\tasks\RMSchedule.job
[2012/01/15 16:50:01 | 000,000,454 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for user.job
[2012/01/15 08:07:54 | 088,919,153 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2012/01/15 06:44:30 | 000,000,852 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-182613431-3493043901-942358964-1000Core.job
[2012/01/10 09:34:48 | 000,000,020 | ---- | M] () -- C:\Users\user\Documents\gpfax.adr
[2012/01/10 09:34:48 | 000,000,008 | ---- | M] () -- C:\Users\user\Documents\gpfax.idx
[2012/01/06 22:34:07 | 000,002,039 | ---- | M] () -- C:\Users\user\Desktop\Google Chrome.lnk
[2012/01/06 22:34:07 | 000,002,001 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/20 04:13:44 | 000,000,456 | -H-- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job

========== Files Created - No Company Name ==========

[2012/01/16 11:27:12 | 000,002,001 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/16 11:27:12 | 000,001,950 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Photo Gallery.lnk
[2012/01/16 11:27:12 | 000,001,938 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
[2012/01/16 11:27:12 | 000,001,852 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Collaboration.lnk
[2012/01/16 11:27:12 | 000,001,803 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/01/16 11:27:12 | 000,001,770 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Calendar.lnk
[2012/01/16 11:27:12 | 000,001,768 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker.lnk
[2012/01/16 11:27:12 | 000,001,757 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Defender.lnk
[2012/01/16 11:27:12 | 000,001,749 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Smilebox.lnk
[2012/01/16 11:27:12 | 000,001,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012/01/16 11:27:12 | 000,001,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Contacts.lnk
[2012/01/16 11:27:12 | 000,000,970 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/01/16 11:27:12 | 000,000,904 | ---- | C] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk
[2012/01/16 11:27:12 | 000,000,604 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live.lnk
[2012/01/16 11:27:12 | 000,000,258 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/01/16 11:27:12 | 000,000,240 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/01/16 11:27:12 | 000,000,104 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Default Programs - Shortcut.lnk
[2012/01/16 11:27:11 | 000,002,111 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken Financial Center.lnk
[2012/01/16 11:27:11 | 000,001,922 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PictureMover.lnk
[2012/01/16 11:27:11 | 000,001,060 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2012/01/16 11:27:11 | 000,000,182 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Internet Radio.url
[2012/01/16 11:27:10 | 000,002,533 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2012/01/16 11:27:10 | 000,001,630 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/01/16 11:27:09 | 000,002,475 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/01/16 09:59:53 | 000,000,631 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/10 09:34:48 | 000,000,020 | ---- | C] () -- C:\Users\user\Documents\gpfax.adr
[2012/01/10 09:34:48 | 000,000,008 | ---- | C] () -- C:\Users\user\Documents\gpfax.idx
[2011/04/01 19:40:33 | 000,004,096 | -H-- | C] () -- C:\Windows\d3dx.dat
[2011/01/31 14:26:42 | 000,024,226 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserTile.png
[2010/12/02 05:11:35 | 000,000,006 | ---- | C] () -- C:\Users\user\AppData\Roaming\start
[2010/09/17 21:25:34 | 000,000,016 | -H-- | C] () -- C:\Windows\popcinfo.dat
[2010/08/18 22:30:14 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/08/18 22:29:25 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010/08/18 22:29:03 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/08/18 22:28:52 | 000,045,568 | --S- | C] () -- C:\Users\user\AppData\Roaming\4D2BC7.exe
[2010/07/21 20:07:41 | 000,003,584 | -H-- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/23 06:00:09 | 000,000,924 | ---- | C] () -- C:\Users\user\AppData\Roaming\wklnhst.dat
[2009/07/21 15:31:52 | 000,000,426 | -H-- | C] () -- C:\Windows\BRWMARK.INI
[2009/07/17 12:41:06 | 000,000,680 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2009/01/09 12:02:49 | 000,327,680 | -H-- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2009/01/09 12:02:49 | 000,102,400 | -H-- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2009/01/09 11:43:14 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 09:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:37:14 | 000,215,943 | -H-- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 06:24:17 | 000,000,741 | -H-- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 06:18:17 | 000,673,088 | -H-- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 03:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2011/07/01 07:17:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\.minecraft
[2011/09/30 08:25:04 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Canon
[2011/02/26 11:16:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Catalina Marketing Corp
[2011/01/31 14:33:46 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\EPSON
[2009/07/30 17:41:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Gamelab
[2011/02/14 06:15:21 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ICAClient
[2011/08/07 14:37:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\iWin
[2011/03/17 16:56:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Juniper Networks
[2011/04/02 16:10:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PC Speed Maximizer
[2011/01/31 14:26:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PeerNetworking
[2009/07/17 09:13:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PictureMover
[2009/07/30 13:20:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PlayFirst
[2011/06/02 20:04:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Registry Mechanic
[2011/04/02 16:10:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\RegistryKeys
[2012/01/11 06:12:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Smilebox
[2009/12/04 09:44:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Template
[2009/07/30 08:46:08 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WildTangent
[2012/01/16 16:11:14 | 000,000,440 | -H-- | M] () -- C:\Windows\Tasks\PCConfidential.job
[2011/12/20 04:13:44 | 000,000,456 | -H-- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012/01/15 18:09:33 | 000,000,264 | -H-- | M] () -- C:\Windows\Tasks\RMSchedule.job
[2012/01/16 16:08:30 | 000,032,620 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You are being kept busy - this is the same infection as the other. And we will probably need to delete a partition as well.
  • 0

#9
s0nginmyheart

s0nginmyheart

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 147 posts
Yipes. Thank you so much for your help thus far --- I am unable to create a System Repair Disc. I am able to get to the command window and cut/paste but nothing happens after that. Please advise. (Not sure if it matters, but I saw the screen captures say Windows 7 but this 2nd machine is on Windows Vista).
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, you can download an ISO file to burn to disc from here

Are you happy burning an ISO to disc?
  • 0


#11
s0nginmyheart

s0nginmyheart

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 147 posts
I think I created the disc correctly... Here is the P2GoLog:


User Name : Windows User
Company Name : CyberLink
CDKey :
OS Version : Vista Home Basic/Premium Service Pack 2
c:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe : Version 6.0.0.2112
CBS.dll : Version 7.7.3305

==================================================================

Total physical memory : 3838MB (3930428KB)
Free physical memory : 3075MB (3148860KB)
Memory load : 19 percent

Number of CPU : 2
CPU Name : AMD Athlon™ 64 X2 Dual Core Processor 5400+
CPU Speed : 2800 MHz

==================================================================

16.1.2012
Task Type : Burn Disc Image

17:04:16, File(cl_DiscCopy.cpp), Line(8373)
-> Begin burning process
Current drive: <E: TSSTcorp CDDVDW TS-H653Z 4403>
====== Disc Info =======
Disc Type: DVD+R
Disc Status: Blank, Appendable
Num. of Sessions: 1 Num. of Tracks: 1
Book Type: DVD+R
Track Path:
Parallel Track Path
Diameter Length: 120mm Layer Counts: 1
Data Area Start PSN: 196608 End PSN: 2491711 End PSN on Layer 0: 0
End PSN : 120mm Layer Counts: 1
Disc Capacity: 2295104LBs
Free Size: 2295104LBs Used Size: 0LBs
========================
Current writing speed(x): 16.0
-> Burn from image

17:04:16, file(cl_DiscCopy.cpp), line(8781)
-> Prepare writing disc
Burn option: w/ buffer underrun protection
Burn option: w/o simulation
Burn option: w/o close disc
Burn option: w/ verify disc
Burn mode: PACKET_INC

17:04:54, file(cl_DiscCopy.cpp), line(1031)
-> End write
Last write LBA: 76064

17:04:59, file(cl_DiscCopy.cpp), line(1117)
-> Close track: 1

17:05:11, file(cl_DiscCopy.cpp), line(1146)
-> Close session
-> End burning process

==================================================================
  • 0

#12
s0nginmyheart

s0nginmyheart

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 147 posts
aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-16 17:08:26
-----------------------------
17:08:26.119 OS Version: Windows x64 6.0.6002 Service Pack 2
17:08:26.119 Number of processors: 2 586 0x6B02
17:08:26.120 ComputerName: BC2 UserName:
17:08:27.735 Initialize success
17:14:34.247 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000053
17:14:34.247 Disk 0 Vendor: ST350062 HP26 Size: 476940MB BusType: 3
17:14:34.263 Disk 0 MBR read successfully
17:14:34.263 Disk 0 MBR scan
17:14:34.263 Disk 0 unknown MBR code
17:14:34.263 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 463468 MB offset 63
17:14:34.294 Disk 0 Partition 2 00 17 Hidd HPFS/NTFS NTFS 2 MB offset 976768065
17:14:34.310 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13468 MB offset 949184460
17:14:34.310 Service scanning
17:14:36.572 Modules scanning
17:14:36.572 Disk 0 trace - called modules:
17:14:36.587 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys storport.sys hal.dll nvstor64.sys
17:14:36.587 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800473e2f0]
17:14:36.587 3 CLASSPNP.SYS[fffffa600079dc33] -> nt!IofCallDriver -> [0xfffffa8003654b50]
17:14:36.587 5 acpi.sys[fffffa60008f3fde] -> nt!IofCallDriver -> \Device\00000053[0xfffffa800453f9e0]
17:14:36.587 Scan finished successfully
17:14:50.112 Disk 0 MBR has been saved successfully to "C:\Users\user\Documents\Downloads\MBR.dat"
17:14:50.112 The log file has been saved successfully to "C:\Users\user\Documents\Downloads\aswMBR.txt"
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

17:14:34.294 Disk 0 Partition 2 00 17 Hidd HPFS/NTFS NTFS 2 MB offset 976768065

Ok, this is the bad partition, a more normal 2 MB size, but it is not active so it can be deleted from within Windows.
From Control Panel > Administrative Tools > Computer Management > Storage > Disk Management
Right click the 2 MB partition and select Delete.

Could you confirm that all files/folders/icons have returned?
Also, what are the current problems?
  • 0
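As an added example (not code from this thread, and not part of the aswMBR tool), here is a small Python triage script that reads the partition lines aswMBR prints and flags the traits Essexboy used to pick out the bad partition: a hidden NTFS type (0x17), a size of only a few MB, and a position at the very end of the disk, while also reporting whether the partition is active (an inactive one can be deleted from Disk Management). The sample lines are constructed to mirror the log posted above; the thresholds SMALL_MB and TAIL_MB and the HIDDEN_TYPE_IDS set are my own assumptions, not values aswMBR defines.

```python
import re
from dataclasses import dataclass

# Constructed sample input: partition and disk-size lines in the format aswMBR
# prints them (these mirror the log posted in this thread).
SAMPLE_LOG = """\
17:14:34.247 Disk 0 Vendor: ST350062 HP26 Size: 476940MB BusType: 3
17:14:34.263 Disk 0 MBR read successfully
17:14:34.263 Disk 0 unknown MBR code
17:14:34.263 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 463468 MB offset 63
17:14:34.294 Disk 0 Partition 2 00 17 Hidd HPFS/NTFS NTFS 2 MB offset 976768065
17:14:34.310 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13468 MB offset 949184460
"""

SECTORS_PER_MB = 2048          # aswMBR gives 512-byte sector offsets and MB sizes
HIDDEN_TYPE_IDS = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}  # "hidden" FAT/NTFS ids
SMALL_MB = 16                  # assumed threshold: a real data partition is larger
TAIL_MB = 64                   # assumed threshold: "parked at the end of the disk"

DISK_RE = re.compile(r"Disk (?P<disk>\d+) Vendor: .*? Size: (?P<size_mb>\d+)MB")
MBR_RE = re.compile(r"Disk (?P<disk>\d+) unknown MBR code")
PART_RE = re.compile(
    r"Disk (?P<disk>\d+) Partition (?P<num>\d+) (?P<boot>[0-9A-Fa-f]{2})(?: \(A\))? "
    r"(?P<type>[0-9A-Fa-f]{2}) (?P<desc>.+?) (?P<size_mb>\d+) MB offset (?P<offset>\d+)$"
)


@dataclass
class Partition:
    disk: int
    number: int
    active: bool      # boot indicator 0x80
    type_id: int      # MBR partition type byte
    size_mb: int
    offset: int       # first sector

    @property
    def end_sector(self) -> int:
        return self.offset + self.size_mb * SECTORS_PER_MB


def parse_aswmbr(text):
    """Return (partitions, disk size in MB by disk number, disks with unknown MBR code)."""
    parts, sizes, unknown_mbr = [], {}, set()
    for line in text.splitlines():
        if m := DISK_RE.search(line):
            sizes[int(m["disk"])] = int(m["size_mb"])
        elif m := MBR_RE.search(line):
            unknown_mbr.add(int(m["disk"]))
        elif m := PART_RE.search(line):
            parts.append(Partition(
                disk=int(m["disk"]), number=int(m["num"]),
                active=(m["boot"].upper() == "80"),
                type_id=int(m["type"], 16), size_mb=int(m["size_mb"]),
                offset=int(m["offset"]),
            ))
    return parts, sizes, unknown_mbr


def suspicious_partitions(text):
    """Flag partitions with bootkit-like traits; returns (disk, number, active, reasons)."""
    parts, sizes, unknown_mbr = parse_aswmbr(text)
    findings = []
    for p in parts:
        reasons = []
        if p.type_id in HIDDEN_TYPE_IDS:
            reasons.append("hidden partition type 0x%02X" % p.type_id)
        if p.size_mb <= SMALL_MB:
            reasons.append("only %d MB" % p.size_mb)
        total = sizes.get(p.disk)
        if total is not None:
            total_sectors = total * SECTORS_PER_MB
            if p.end_sector > total_sectors:
                reasons.append("extends past the end of the disk")
            elif p.offset >= total_sectors - TAIL_MB * SECTORS_PER_MB:
                reasons.append("starts within %d MB of the disk end" % TAIL_MB)
        # The MBR-code note is context, so attach it only where other traits exist.
        if reasons and p.disk in unknown_mbr:
            reasons.append("disk has non-standard MBR code")
        if reasons:
            findings.append((p.disk, p.number, p.active, reasons))
    return findings


if __name__ == "__main__":
    for disk, num, active, reasons in suspicious_partitions(SAMPLE_LOG):
        state = "active" if active else "not active"
        print("Disk %d partition %d (%s): %s" % (disk, num, state, "; ".join(reasons)))
```

Run against the sample, the only partition reported is Disk 0 partition 2, not active, with the hidden type, the 2 MB size and the end-of-disk position all listed; partitions 1 and 3 are left alone because the "unknown MBR code" note is attached only where another trait is already present.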

#14
s0nginmyheart

s0nginmyheart

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 147 posts
Thanks so much for your help with this! It looks as if all the programs and icons have returned. However, I ran another scan with Microsoft Security Essentials and AVG Anti Virus 2012, and this popped up: Trojan Horse Generic_r.AGW. Microsoft Security Essentials said it cleaned it but it's popped up again... Can you please advise? Thanks.
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
For sure, as we are not finished until you are happy.

Did you delete the 2 MB partition?

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0
