Really bad malware/virus need some help [Solved]



#16
joczr21

  • Topic Starter
  • Member
  • 13 posts
Doing better. Many thanks.
  • 0

#17
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Just delete RogueKiller from the desktop
  • 0

#18
joczr21

  • Topic Starter
  • Member
  • 13 posts
Thank you so much.
  • 0

#19
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

#20
joczr21

  • Topic Starter
  • Member
  • 13 posts
I just got through going through the process of fixing my computer under the topic "Really bad malware/virus need some help". It has only been a few days and I have not downloaded anything but something is going on. I ran Malwarebytes and it found 8 items. I would so appreciate help in fixing this. I am posting the logfile of the Malwarebytes run.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.30.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
John O. B. Cole :: JOHNOBCOLE-PC [administrator]

4/29/2012 9:23:03 PM
mbam-log-2012-04-29 (21-23-03).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 296663
Time elapsed: 46 minute(s), 47 second(s)

Memory Processes Detected: 1
C:\Users\John O. B. Cole\AppData\Local\dplaysvr.exe (Trojan.Agent) -> 972 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.Agent) -> Data: C:\Users\John O. B. Cole\AppData\Local\dplaysvr.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.Agent) -> Data: C:\Users\John O. B. Cole\AppData\Local\dplaysvr.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|DATA4F8.tmp.exe (Trojan.FakeAlert) -> Data: C:\Users\JOHNOB~1.COL\AppData\Local\Temp\DATA4F8.tmp.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\John O. B. Cole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M4QSESUN\3[1].exe (Trojan.CleaMan.TxGen) -> Quarantined and deleted successfully.
C:\Users\John O. B. Cole\AppData\Local\dplaysvr.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\John O. B. Cole\Local Settings\Application Data\dplaysvr.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\John O. B. Cole\AppData\Local\temp\DATA4F8.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

(end)

OTL Extras logfile created on: 5/1/2012 11:11:50 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\John O. B. Cole\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 31.77% Memory free
5.92 Gb Paging File | 3.66 Gb Available in Paging File | 61.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.40 Gb Total Space | 242.71 Gb Free Space | 85.64% Space Free | Partition Type: NTFS

Computer Name: JOHNOBCOLE-PC | User Name: John O. B. Cole | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05D95492-726E-4BF3-B448-2DB281C67F74}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0A1D6353-7FDA-4659-A681-806D779651A6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0DB0BF7F-6F2A-4230-8B8D-D2F88B2D7F57}" = lport=137 | protocol=17 | dir=in | app=system |
"{15E08C2C-68DF-4AF8-AC8C-5A6B3C9C3206}" = rport=138 | protocol=17 | dir=out | app=system |
"{1D022D6F-612F-49AB-8BD6-891062A4259B}" = lport=139 | protocol=6 | dir=in | app=system |
"{2077AE98-7D04-4984-A488-A2ACA6D9BB62}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{2089A715-3996-4CB5-A8E9-D8BF46634EA7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{316EAD84-3BDF-4927-B9FD-6B15FDC5E503}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3BD2E8BB-F434-4814-B514-148A95A2990D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{44C49038-8B1C-46F4-90BD-86F7D048B677}" = rport=445 | protocol=6 | dir=out | app=system |
"{49F39516-13A0-4A4D-8DAF-4BF17762F49F}" = rport=139 | protocol=6 | dir=out | app=system |
"{4C2464A2-8B4E-4DD8-BADB-5B9866CFD75D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5D5D2136-D0A0-4CD0-B11F-6B0BC6494F54}" = lport=138 | protocol=17 | dir=in | app=system |
"{5E54DDA0-0C24-4AB6-9E07-6E9EBAF1139F}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{60C0F646-857B-4482-8FF0-28683CA92948}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6F3C376C-3BB1-4083-A337-B420E5800E5A}" = lport=445 | protocol=6 | dir=in | app=system |
"{72F78F29-A9B0-4EFA-A752-CACC635FFE1E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{78C1485F-EE2F-431A-9417-7BD78397AB84}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{88510C7C-575C-4DBB-83BA-4C1D65C24E3C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{93FA7232-A5E2-4A19-A66E-06AEF9B1CB81}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{9661E539-017D-41B7-8DC7-BB879FA50AF1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{9AD1A5F4-9F97-453B-95D3-162C76A3DFBA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A2C35114-BBF9-497C-B3B3-7B26ACFBBC24}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A51DF909-CE0C-44E7-9C3B-D194B2B7DCE8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D1F7AC80-1692-41B0-8B17-4CAC4E9E183E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D5556B77-26CB-47EE-A9A6-00E033E669EA}" = rport=137 | protocol=17 | dir=out | app=system |
"{EEE87D17-A7A0-4F54-9000-F81CBAD1FD96}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F2821625-1213-47BF-B484-60FAD25A249C}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{F464A891-855B-400D-8EAA-C641DF80109C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F87A7204-08E1-4860-AEC6-3C157961CA35}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01BE9106-44D8-4EFD-A42E-FC62AE785331}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{05AA1E7D-BDB7-4F5A-BE7A-B894C198C43B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0DDEDA45-322D-42AF-A979-8E0532812554}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{162F0C45-CF4A-4558-8592-4217C3AD5460}" = protocol=58 | dir=in | [email protected],-28545 |
"{19AAD8A0-3223-4631-8F04-5005D594432B}" = protocol=58 | dir=out | [email protected],-28546 |
"{1CDCCB0A-7E66-45EA-8E7A-8238C3B74843}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{29F8AC41-38C2-4EF9-BA1A-F0174730A51C}" = dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{2B38E1A1-3782-49B6-9643-4E15C3FB7A51}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{30C0A8F1-9BEE-4C7E-A551-0A26B624917F}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{3835144E-3649-4F59-8C18-CDAA6F9E1C53}" = protocol=1 | dir=in | [email protected],-28543 |
"{6E587B21-9E44-4ADD-972B-B0495FC4E9DC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{919DE1F2-031B-4ECF-90B1-4FE88BA68958}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{99A98320-2866-4469-8A71-CD7F601AF635}" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{9E2A859A-3A41-47A8-82D8-D8BC59E1F4C8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A23B52AE-34C4-4F47-9FF8-F562E5F9A2D4}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{AE0014DC-7FA7-4B84-AC30-7EA33CC4FF74}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{B448ADC0-6C92-4C12-B582-EEC939B86370}" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{BC2F8AB8-2633-4B60-8071-E7C4172C95A1}" = protocol=17 | dir=in | app=c:\su8012u\setup8012u.exe |
"{BCB958F1-62E9-4186-8976-07F2B1DD991A}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{BFF0765D-84FD-4BB6-914C-BDBE8362B775}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C0E5B4CC-4663-44ED-9ACF-9CB9C44D33F4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D3619534-0551-4381-BAD4-2CCAE27A6E13}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D53CAEA7-A08D-46A7-B7CD-0075E2A437EE}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{DCE42191-3FF6-472E-9C54-8D3DECD503DC}" = protocol=6 | dir=in | app=c:\su8012u\setup8012u.exe |
"{DE6047D9-4A3D-40E9-A07F-B859026E8795}" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{DFBCD396-320E-445F-8E1F-887A59027447}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E7A4F228-850C-4E87-A1BC-092633E13AEE}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{E857E173-D13B-435B-9607-32002F1B9B5B}" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{ED975125-2AE3-457C-ABD3-75E0EE95A3EB}" = protocol=1 | dir=out | [email protected],-28544 |
"TCP Query User{3665796A-87E7-422C-BA1D-A67216E2DF4A}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{755226D2-7218-4A76-9E50-33FECE137CE6}C:\su8012u\setup8012u.exe" = protocol=6 | dir=in | app=c:\su8012u\setup8012u.exe |
"TCP Query User{80F09AE4-8AEE-4C7E-8CCD-9B83ACCB3684}C:\program files\trademanager\aliim.exe" = protocol=6 | dir=in | app=c:\program files\trademanager\aliim.exe |
"TCP Query User{8A5B1E5F-BF7B-4CBE-B3C1-F79699FD5775}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{A01D4914-D1F3-4BB7-AD85-9078714DEDA2}C:\users\john o. b. cole\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\john o. b. cole\appdata\local\mediaget2\mediaget.exe |
"TCP Query User{A72508BE-D18C-44E9-82A3-7F206962689F}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{A7F1C29A-E437-4184-918B-31272B61ACF0}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{AC3EEB55-161E-4C6C-8BE2-A1600917A3EA}C:\users\john o. b. cole\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\john o. b. cole\appdata\local\mediaget2\mediaget.exe |
"TCP Query User{B8C40B35-06F4-430C-BB9B-91D76D990B59}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{085763CD-50EF-4CE3-B4BC-CDE6DFE1EC2B}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{0EA861CB-5A92-452A-990B-5C683403A657}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{19483167-8AFA-4D69-B08C-46B890602F2E}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{446D9EB6-AEBD-47DA-8F89-F806B4741BB4}C:\users\john o. b. cole\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\john o. b. cole\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{5045CBF1-319B-41BB-98DA-765435309B6C}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{8B759411-4A9F-4B27-B89B-5853208FE340}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{94D03B07-25CA-49DC-AE89-63E2AC55E6A5}C:\program files\trademanager\aliim.exe" = protocol=17 | dir=in | app=c:\program files\trademanager\aliim.exe |
"UDP Query User{DF613FE1-E532-4317-BF73-04FB61C8A866}C:\su8012u\setup8012u.exe" = protocol=17 | dir=in | app=c:\su8012u\setup8012u.exe |
"UDP Query User{E372A1C4-5220-4AD5-BC5C-3D4D93C22B47}C:\users\john o. b. cole\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\john o. b. cole\appdata\local\mediaget2\mediaget.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FD3DF65-694C-4F71-97BA-1A70BB2B8B9C}" = ICM532
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{731B0E4D-F4C7-450C-95B0-E1A3176B1C75}" = Dell Backup and Recovery Manager
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D64833F8-860D-4216-8EDC-DD08AD68C0B5}" = LibreOffice 3.4
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OEM013" = Laptop Integrated Webcam Driver (1.01.01.0529)
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"ESET Online Scanner" = ESET Online Scanner v3
"HDMI" = Intel® Graphics Media Accelerator Driver
"InvAn4" = InvAn4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"TradeManager 2011 SP2" = TradeManager 2011 SP2
"TradeManager 2011 SP3" = TradeManager 2011 SP3
"TVWiz" = Intel® TV Wizard
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3452009456-1726143999-3032453699-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Juniper_Setup_Client" = Juniper Networks Setup Client
"MediaGet" = MediaGet

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/23/2012 7:20:29 PM | Computer Name = JohnOBCole-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1061

Error - 4/23/2012 7:20:29 PM | Computer Name = JohnOBCole-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1061

Error - 4/23/2012 9:33:51 PM | Computer Name = JohnOBCole-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/23/2012 9:33:51 PM | Computer Name = JohnOBCole-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8002851

Error - 4/23/2012 9:33:51 PM | Computer Name = JohnOBCole-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8002851

Error - 4/24/2012 7:31:33 PM | Computer Name = JohnOBCole-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files\trademanager\wwst64.exe".Error
in manifest or policy file "c:\program files\trademanager\Microsoft.VC80.CRT.MANIFEST"
on line 4. Component identity found in manifest does not match the identity of the
component requested. Reference is Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Definition
is Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Please
use sxstrace.exe for detailed diagnosis.

Error - 4/25/2012 6:20:39 PM | Computer Name = JohnOBCole-PC | Source = Application Error | ID = 1000
Description = Faulting application name: bcmwltry.exe, version: 5.30.21.0, time
stamp: 0x4a53eb2a Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x03a36c0c Faulting process id: 0x5c8 Faulting application
start time: 0x01cd23319c1464ff Faulting application path: C:\Program Files\Dell\Dell
Wireless WLAN Card\bcmwltry.exe Faulting module path: unknown Report Id: e2db530c-8f24-11e1-b0a4-0026b998dc41

Error - 4/29/2012 9:44:46 PM | Computer Name = JohnOBCole-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files\trademanager\wwst64.exe".Error
in manifest or policy file "c:\program files\trademanager\Microsoft.VC80.CRT.MANIFEST"
on line 4. Component identity found in manifest does not match the identity of the
component requested. Reference is Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Definition
is Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Please
use sxstrace.exe for detailed diagnosis.

Error - 5/1/2012 10:47:13 PM | Computer Name = JohnOBCole-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files\trademanager\wwst64.exe".Error
in manifest or policy file "c:\program files\trademanager\Microsoft.VC80.CRT.MANIFEST"
on line 4. Component identity found in manifest does not match the identity of the
component requested. Reference is Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Definition
is Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Please
use sxstrace.exe for detailed diagnosis.

Error - 5/2/2012 12:11:01 AM | Computer Name = JohnOBCole-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.42.2 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 10a4 Start Time:
01cd281965e950c3 Termination Time: 16 Application Path: C:\Users\John O. B. Cole\Desktop\OTL.exe

Report
Id: d096dfd3-940c-11e1-b1f0-0026b998dc41

[ Broadcom Wireless LAN Events ]
Error - 3/30/2012 7:40:29 PM | Computer Name = JohnOBCole-PC | Source = WLAN-Tray | ID = 0
Description = 18:40:26, Fri, Mar 30, 12 Error - Unable to gain access to user store


[ Media Center Events ]
Error - 6/7/2011 10:03:27 PM | Computer Name = JohnOBCole-PC | Source = MCUpdate | ID = 0
Description = 9:03:27 PM - Error connecting to the internet. 9:03:27 PM - Unable
to contact server..

Error - 9/29/2011 9:06:18 PM | Computer Name = JohnOBCole-PC | Source = MCUpdate | ID = 0
Description = 8:06:17 PM - Error connecting to the internet. 8:06:17 PM - Unable
to contact server..

Error - 9/29/2011 10:06:23 PM | Computer Name = JohnOBCole-PC | Source = MCUpdate | ID = 0
Description = 9:06:23 PM - Error connecting to the internet. 9:06:23 PM - Unable
to contact server..

Error - 9/29/2011 11:06:28 PM | Computer Name = JohnOBCole-PC | Source = MCUpdate | ID = 0
Description = 10:06:28 PM - Error connecting to the internet. 10:06:28 PM - Unable
to contact server..

Error - 9/30/2011 9:17:25 PM | Computer Name = JohnOBCole-PC | Source = MCUpdate | ID = 0
Description = 8:17:24 PM - Error connecting to the internet. 8:17:24 PM - Unable
to contact server..

Error - 1/10/2012 10:15:07 PM | Computer Name = JohnOBCole-PC | Source = MCUpdate | ID = 0
Description = 8:15:06 PM - Error connecting to the internet. 8:15:06 PM - Unable
to contact server..

Error - 2/14/2012 5:39:34 AM | Computer Name = JohnOBCole-PC | Source = MCUpdate | ID = 0
Description = 3:39:33 AM - Error connecting to the internet. 3:39:33 AM - Unable
to contact server..

Error - 2/14/2012 6:42:39 AM | Computer Name = JohnOBCole-PC | Source = MCUpdate | ID = 0
Description = 4:42:39 AM - Error connecting to the internet. 4:42:39 AM - Unable
to contact server..

Error - 2/14/2012 7:45:44 AM | Computer Name = JohnOBCole-PC | Source = MCUpdate | ID = 0
Description = 5:45:44 AM - Error connecting to the internet. 5:45:44 AM - Unable
to contact server..

Error - 2/14/2012 8:45:49 AM | Computer Name = JohnOBCole-PC | Source = MCUpdate | ID = 0
Description = 6:45:49 AM - Error connecting to the internet. 6:45:49 AM - Unable
to contact server..

[ System Events ]
Error - 4/20/2012 9:04:27 PM | Computer Name = JohnOBCole-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:03:09 PM on ?4/?20/?2012 was unexpected.

Error - 4/20/2012 9:42:57 PM | Computer Name = JohnOBCole-PC | Source = Service Control Manager | ID = 7034
Description = The Audio Service service terminated unexpectedly. It has done this
1 time(s).

Error - 4/21/2012 1:16:55 PM | Computer Name = JohnOBCole-PC | Source = Service Control Manager | ID = 7034
Description = The Audio Service service terminated unexpectedly. It has done this
1 time(s).

Error - 4/21/2012 7:03:59 PM | Computer Name = JohnOBCole-PC | Source = Service Control Manager | ID = 7034
Description = The O2FLASH service terminated unexpectedly. It has done this 1 time(s).

Error - 4/21/2012 7:04:34 PM | Computer Name = JohnOBCole-PC | Source = Service Control Manager | ID = 7034
Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 4/21/2012 7:04:37 PM | Computer Name = JohnOBCole-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 4/22/2012 9:07:58 PM | Computer Name = JohnOBCole-PC | Source = Service Control Manager | ID = 7034
Description = The Audio Service service terminated unexpectedly. It has done this
1 time(s).

Error - 4/26/2012 7:58:43 PM | Computer Name = JohnOBCole-PC | Source = Service Control Manager | ID = 7034
Description = The O2FLASH service terminated unexpectedly. It has done this 1 time(s).

Error - 5/1/2012 12:54:43 PM | Computer Name = JohnOBCole-PC | Source = DCOM | ID = 10005
Description =

Error - 5/1/2012 12:54:43 PM | Computer Name = JohnOBCole-PC | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%109


< End of report >

OTL logfile created on: 5/1/2012 11:11:50 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\John O. B. Cole\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 31.77% Memory free
5.92 Gb Paging File | 3.66 Gb Available in Paging File | 61.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.40 Gb Total Space | 242.71 Gb Free Space | 85.64% Space Free | Partition Type: NTFS

Computer Name: JOHNOBCOLE-PC | User Name: John O. B. Cole | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/01 23:09:22 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\John O. B. Cole\Desktop\OTL.exe
PRC - [2012/04/18 20:03:36 | 000,353,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
PRC - [2012/04/04 00:53:54 | 001,496,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
PRC - [2012/02/15 10:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/06/23 23:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/09 14:06:06 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/07/28 17:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2009/07/16 23:57:36 | 004,562,944 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
PRC - [2009/07/16 23:57:36 | 000,026,112 | ---- | M] () -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
PRC - [2009/07/16 23:57:04 | 003,086,848 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
PRC - [2009/07/15 13:47:20 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5f120bca41bba11b\stacsv.exe
PRC - [2009/07/13 20:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2009/06/29 02:59:00 | 000,217,088 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2009/06/29 02:59:00 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2009/06/29 02:59:00 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2009/06/29 02:59:00 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/01/07 12:04:10 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\AstSrv.exe
PRC - [2007/02/12 03:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Windows\System32\drivers\o2flash.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/04 00:53:52 | 000,249,232 | ---- | M] () -- C:\Program Files\Adobe\Reader 10.0\Reader\sqlite.dll
MOD - [2012/01/01 21:36:03 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
MOD - [2012/01/01 21:35:55 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2011/12/23 20:19:34 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/12/23 20:19:26 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/03/15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/07/16 23:57:02 | 000,055,808 | ---- | M] () -- C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/04/18 20:03:36 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010/07/28 17:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/03/26 23:48:13 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/16 23:57:36 | 000,026,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2009/07/15 13:47:20 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5f120bca41bba11b\stacsv.exe -- (STacSV)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/07 12:04:10 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\Windows\System32\\AstSrv.exe -- (Ast Service)
SRV - [2007/02/12 03:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\drivers\o2flash.exe -- (O2FLASH)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motodrv.sys -- (MotDev)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/16 23:56:50 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2009/07/15 13:47:20 | 000,409,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/05/22 04:17:52 | 000,058,528 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2mdg.sys -- (O2MDGRDR)
DRV - [2009/05/07 04:47:12 | 000,041,504 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sdg.sys -- (O2SDGRDR)
DRV - [2009/03/25 01:25:24 | 000,197,680 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/05/28 18:01:00 | 000,235,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM13Vid.sys -- (OEM13Vid)
DRV - [2007/11/02 14:36:10 | 000,018,176 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2007/06/18 14:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motport.sys -- (motport)
DRV - [2007/06/18 14:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/03/05 11:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM13Vfx.sys -- (OEM13Vfx)
DRV - [2007/01/23 19:03:44 | 000,007,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2002/07/10 21:13:00 | 000,095,232 | ---- | M] (IC Media Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbuvt.sys -- (DCamUSBUVT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678
IE - HKLM\..\SearchScopes\{D479C55D-D202-4CDF-B0B1-D76559A3F7DC}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{FE02C4FF-81A1-458D-ACF3-6848DD411A53}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3452009456-1726143999-3032453699-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-3452009456-1726143999-3032453699-1000\..\SearchScopes,DefaultScope = {F732A857-EDC8-4501-83B1-56B459A656BC}
IE - HKU\S-1-5-21-3452009456-1726143999-3032453699-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADFA_en
IE - HKU\S-1-5-21-3452009456-1726143999-3032453699-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-3452009456-1726143999-3032453699-1000\..\SearchScopes\{F732A857-EDC8-4501-83B1-56B459A656BC}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-3452009456-1726143999-3032453699-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3452009456-1726143999-3032453699-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@alibaba.com/npwangwang;version=1.0: C:\Program Files\Trademanager\npwangwang.dll ( )
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\{@alibaba.com/alisetup;version=1.0}: C:\Users\John O. B. Cole\AppData\Local\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll (alibaba)


[2010/01/24 21:48:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John O. B. Cole\AppData\Roaming\Mozilla\Extensions
[2010/01/24 21:48:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John O. B. Cole\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/04/18 18:30:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John O. B. Cole\AppData\Roaming\Mozilla\Firefox\extensions
[2012/04/18 18:44:07 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\John O. B. Cole\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/04/18 18:44:07 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\John O. B. Cole\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2012/04/17 00:27:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2012/04/22 20:08:00 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKU\S-1-5-21-3452009456-1726143999-3032453699-1000..\Run: [aliim] C:\Program Files\Trademanager\AliIM.exe (Alibaba software (Shanghai) Corporation.)
O4 - HKU\S-1-5-21-3452009456-1726143999-3032453699-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-3452009456-1726143999-3032453699-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3452009456-1726143999-3032453699-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3452009456-1726143999-3032453699-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3452009456-1726143999-3032453699-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3452009456-1726143999-3032453699-1000\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3452009456-1726143999-3032453699-1000\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3452009456-1726143999-3032453699-1000\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3452009456-1726143999-3032453699-1000\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3452009456-1726143999-3032453699-1000\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3452009456-1726143999-3032453699-1000\..Trusted Domains: taobao.com ([]https in Trusted sites)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support....veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A8BCDD7-B3AC-484F-9024-2082FA996F16}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80E15F0F-D1D2-4C83-9FE8-CFB89630CBA9}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3F941F7-E99B-4D0C-9A9D-949A4459184B}: DhcpNameServer = 69.78.96.14 66.174.92.14
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/05/01 23:09:19 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\John O. B. Cole\Desktop\OTL.exe
[2012/04/28 21:38:40 | 000,000,000 | ---D | C] -- C:\Program Files\Trademanager
[2012/04/26 22:41:54 | 000,000,000 | ---D | C] -- C:\Users\John O. B. Cole\Desktop\UTV
[2012/04/26 02:59:16 | 000,000,000 | ---D | C] -- C:\Users\John O. B. Cole\Documents\My WangWang
[2012/04/20 20:08:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/20 20:03:20 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/20 20:03:20 | 000,000,000 | ---D | C] -- C:\Users\John O. B. Cole\AppData\Local\temp
[2012/04/19 21:20:22 | 000,000,000 | ---D | C] -- C:\Users\John O. B. Cole\Desktop\New folder (2)
[2012/04/18 17:36:50 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/04/18 17:36:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/18 17:36:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/18 16:11:09 | 000,000,000 | ---D | C] -- C:\Users\John O. B. Cole\AppData\Roaming\SUPERAntiSpyware.com
[2012/04/18 16:11:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/04/18 16:11:00 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/04/17 21:56:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TradeManager
[2012/04/17 21:56:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\aliedit
[2012/04/17 21:54:08 | 000,000,000 | ---D | C] -- C:\Users\John O. B. Cole\AppData\Local\Alibaba
[2012/04/17 16:35:00 | 000,000,000 | ---D | C] -- C:\Users\John O. B. Cole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD
[2012/04/17 00:27:13 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/04/14 20:17:29 | 000,000,000 | ---D | C] -- C:\Users\John O. B. Cole\Desktop\New folder
[2012/04/06 21:58:09 | 000,000,000 | ---D | C] -- C:\Program Files\USEPA
[2012/04/06 21:55:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CAPE-OPEN
[2012/04/06 21:55:57 | 000,000,000 | ---D | C] -- C:\Users\John O. B. Cole\AppData\Roaming\COCO
[2012/04/04 20:18:16 | 000,000,000 | ---D | C] -- C:\Users\John O. B. Cole\AppData\Roaming\Yahoo!
[2012/04/04 17:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger

========== Files - Modified Within 30 Days ==========

[2012/05/01 23:11:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/01 23:09:22 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\John O. B. Cole\Desktop\OTL.exe
[2012/05/01 22:28:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/01 21:16:54 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/01 21:04:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/01 00:23:31 | 000,000,156 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\6115 - Generator and Generator Sets, Electrical at Government Liquidation.url
[2012/04/29 22:37:17 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/29 22:37:17 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/29 22:34:55 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/29 22:34:55 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/29 22:29:53 | 2385,211,392 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/28 21:38:49 | 000,000,980 | ---- | M] () -- C:\Users\Public\Desktop\TradeManager 2011.lnk
[2012/04/28 19:00:15 | 000,000,293 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\Wholesale Bike LED Flash Light Mount Bicycle Torch Clamp Holder.url
[2012/04/26 21:54:36 | 000,007,597 | ---- | M] () -- C:\Users\John O. B. Cole\AppData\Local\Resmon.ResmonCfg
[2012/04/26 20:35:06 | 000,000,092 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\How to Quiet Your Mind.url
[2012/04/26 14:03:26 | 000,043,104 | -HS- | M] () -- C:\Users\John O. B. Cole\AppData\Local\dplayx.dll
[2012/04/26 03:02:08 | 000,206,240 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\300-500cc UTV.pdf
[2012/04/26 03:00:42 | 000,739,867 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\TT-KT150-1 Sports UTV,EPA,EEC.pdf
[2012/04/24 18:35:11 | 000,000,195 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\UTV 800cc with EEC&EPA certificate - Product Picture From Qingdao Impetus International Trading Co., Ltd..url
[2012/04/24 13:06:15 | 000,001,871 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\Recent Items - Shortcut.lnk
[2012/04/23 17:57:31 | 000,000,262 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\UTV 800cc with EEC&EPA certificate Sales, Buy UTV 800cc with EEC&EPA certificate Products from alibaba.com.url
[2012/04/22 20:08:00 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/04/20 21:11:08 | 000,000,391 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\2012 Exposure Quick Release Handlebar Bracket w- Clip - Competitive Cyclist.url
[2012/04/18 17:36:50 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/18 16:11:04 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/17 23:40:40 | 902,839,899 | ---- | M] () -- C:\Users\John O. B. Cole\Documents\Poison Live Raw and uncut.avi
[2012/04/17 23:39:39 | 139,483,140 | ---- | M] () -- C:\Users\John O. B. Cole\Documents\Poison_-_Unskinny_Bop_(Live)_(2nafish).mpg
[2012/04/17 16:31:28 | 000,000,455 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\quick release handlebar bracket with clip - Google Search.url
[2012/04/16 23:04:39 | 000,327,680 | ---- | M] () -- C:\Users\John O. B. Cole\Documents\2011 secret crack-make over $300 a day now -eBay's best.pdf
[2012/04/16 21:53:46 | 000,560,386 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\How to make money on ebay.pdf
[2012/04/15 23:30:57 | 000,000,230 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\Fabricated Metal Product Mfg - Mississippi Company Directory from Hoovers.com.url
[2012/04/06 21:58:23 | 000,030,920 | ---- | M] () -- C:\Windows\System32\CapeOpenNet.tlb
[2012/04/04 17:31:48 | 000,001,135 | ---- | M] () -- C:\Users\John O. B. Cole\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/04/04 17:31:48 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/05/01 00:23:31 | 000,000,156 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\6115 - Generator and Generator Sets, Electrical at Government Liquidation.url
[2012/04/28 21:38:49 | 000,000,980 | ---- | C] () -- C:\Users\Public\Desktop\TradeManager 2011.lnk
[2012/04/26 23:09:41 | 000,043,104 | -HS- | C] () -- C:\Users\John O. B. Cole\AppData\Local\dplayx.dll
[2012/04/26 21:54:36 | 000,007,597 | ---- | C] () -- C:\Users\John O. B. Cole\AppData\Local\Resmon.ResmonCfg
[2012/04/26 20:35:06 | 000,000,092 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\How to Quiet Your Mind.url
[2012/04/26 03:01:39 | 000,206,240 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\300-500cc UTV.pdf
[2012/04/26 02:59:27 | 000,739,867 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\TT-KT150-1 Sports UTV,EPA,EEC.pdf
[2012/04/24 18:35:11 | 000,000,195 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\UTV 800cc with EEC&EPA certificate - Product Picture From Qingdao Impetus International Trading Co., Ltd..url
[2012/04/24 13:06:15 | 000,001,871 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\Recent Items - Shortcut.lnk
[2012/04/20 00:32:20 | 000,000,262 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\UTV 800cc with EEC&EPA certificate Sales, Buy UTV 800cc with EEC&EPA certificate Products from alibaba.com.url
[2012/04/18 17:36:50 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/18 16:11:04 | 000,001,967 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/17 16:31:32 | 000,000,293 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\Wholesale Bike LED Flash Light Mount Bicycle Torch Clamp Holder.url
[2012/04/17 16:31:28 | 000,000,455 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\quick release handlebar bracket with clip - Google Search.url
[2012/04/17 16:31:24 | 000,000,391 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\2012 Exposure Quick Release Handlebar Bracket w- Clip - Competitive Cyclist.url
[2012/04/16 22:31:51 | 000,327,680 | ---- | C] () -- C:\Users\John O. B. Cole\Documents\2011 secret crack-make over $300 a day now -eBay's best.pdf
[2012/04/16 21:53:39 | 000,560,386 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\How to make money on ebay.pdf
[2012/04/06 21:58:23 | 000,030,920 | ---- | C] () -- C:\Windows\System32\CapeOpenNet.tlb
[2012/04/04 20:52:40 | 000,000,230 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\Fabricated Metal Product Mfg - Mississippi Company Directory from Hoovers.com.url
[2012/04/04 17:31:48 | 000,001,135 | ---- | C] () -- C:\Users\John O. B. Cole\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/04/04 17:31:48 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2011/12/03 23:14:42 | 000,221,719 | ---- | C] () -- C:\Users\John O. B. Cole\AppData\Local\census.cache
[2011/12/03 23:14:37 | 000,093,272 | ---- | C] () -- C:\Users\John O. B. Cole\AppData\Local\ars.cache
[2011/12/03 23:07:59 | 000,000,036 | ---- | C] () -- C:\Users\John O. B. Cole\AppData\Local\housecall.guid.cache
[2011/09/24 22:51:35 | 000,000,326 | ---- | C] () -- C:\Windows\wininit.ini
[2011/08/04 05:32:35 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/08/04 05:32:35 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011/05/16 21:30:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\8532util.dll
[2011/05/16 21:30:16 | 000,036,864 | ---- | C] () -- C:\Windows\System32\ICMSetup532.dll
[2011/01/15 22:31:33 | 000,006,144 | ---- | C] () -- C:\Users\John O. B. Cole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/21 23:03:04 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/08/25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/05/20 20:50:24 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin

========== LOP Check ==========

[2011/12/05 21:51:51 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\AVG
[2012/04/18 18:44:07 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Azureus
[2011/10/05 23:31:49 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Babylon
[2011/01/25 23:40:59 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\BitLord
[2012/04/06 21:55:57 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\COCO
[2011/07/09 23:05:46 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\CoCreate
[2010/08/20 22:21:34 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/03/07 21:45:47 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\DiskAid
[2011/04/13 20:01:22 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\EconEx
[2011/01/24 23:00:22 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\FinalTorrent
[2012/04/18 18:30:22 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\IObit
[2012/04/18 18:44:07 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Juniper Networks
[2012/04/18 18:30:23 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\LibreOffice
[2012/04/18 18:44:07 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Media Get LLC
[2012/04/18 18:30:29 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\OpenOffice.org
[2011/10/27 21:39:16 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Pine Grove Software
[2011/01/25 00:18:05 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Python-Eggs
[2011/01/01 22:38:58 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Registry Mechanic
[2011/12/06 20:04:47 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Smart PC Solutions
[2012/04/18 18:30:29 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Stock NeuroMaster
[2012/04/18 18:44:07 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\StockFusion Studio
[2011/10/20 22:11:29 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\WeatherBug
[2011/01/30 22:40:09 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Windows Live Writer
[2012/04/26 20:23:45 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2002/06/05 11:00:28 | 000,065,536 | ---- | M] () -- C:\Amcap532.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 01:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 00:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 20:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
On computer: JOHNOBCOLE-PC
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     D                       DVD-ROM         0 B  No Media
  Volume 1         RECOVERY     NTFS   Partition     14 GB  Healthy    System
  Volume 2     C   OS           NTFS   Partition    283 GB  Healthy    Boot

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:DF934660
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:D4A168E0
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
  • 0

#21
joczr21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hey. Did you want me to post in this discussion?
  • 0





