Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Smart Scan Virus on Vista pc...Wifi connection [Solved]


  • This topic is locked This topic is locked

#1
TanyaG6

TanyaG6

    Member

  • Member
  • PipPip
  • 13 posts
Last night my laptop was attacked by the smart scan virus...I have multiple pop-ups messages saying hard drive boot section error, not enough room for the process to work,etc.

I went to malwaretips.com/blogs/remove s.m.a.r.t check and followed their steps. Ran RKill, Malwarebytes Anti-Malware free, (rebooted at prompt)Hitman Pro 3 and STILL cant remove this horrible virus!

Please help me

Tanya
Helper by Raktor
Build 20100414
Run at 07:44:34 on 05/14/12
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

OTL logfile created on: 5/14/2012 7:41:35 AM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\michelle618\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 3.22 Gb Available Physical Memory | 80.66% Memory free
4.16 Gb Paging File | 3.52 Gb Available in Paging File | 84.54% Paging File free
Paging file location(s): c:\pagefile.sys 300 500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.01 Gb Total Space | 19.78 Gb Free Space | 6.87% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.92 Gb Free Space | 99.21% Space Free | Partition Type: NTFS

Computer Name: MICHELLE618-PC | User Name: michelle618 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/14 07:41:19 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\michelle618\Downloads\OTL.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 18:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 18:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/01/07 16:24:16 | 000,470,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2010/01/07 16:24:06 | 007,700,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2009/10/16 17:06:40 | 001,039,360 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysNative\lxducoms.exe -- (lxdu_device)
SRV:64bit: - [2008/06/26 06:10:00 | 000,246,272 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_d0e22e95\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/06/26 06:09:50 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_d0e22e95\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/06/09 23:47:06 | 000,031,744 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/04/26 10:38:59 | 000,876,976 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysNative\lxdicoms.exe -- (lxdi_device)
SRV:64bit: - [2007/04/26 10:38:48 | 000,033,712 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdiserv.exe -- (lxdiCATSCustConnectService)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2010/04/29 11:30:44 | 000,091,456 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/29 16:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2007/05/31 11:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 11:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/04/26 10:38:48 | 000,033,712 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdiserv.exe -- (lxdiCATSCustConnectService)
SRV - [2007/04/26 10:38:38 | 000,517,040 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysWOW64\lxdicoms.exe -- (lxdi_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/14 06:08:11 | 000,030,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro36.sys -- (hitmanpro35)
DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/04/27 16:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/04 14:44:12 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/01/20 23:56:36 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/04/11 00:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/01/07 09:35:42 | 000,033,792 | ---- | M] (Susteen, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sustucau.sys -- (SUSTUCAU)
DRV:64bit: - [2009/01/07 09:35:40 | 000,056,832 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sustucap.sys -- (SUSTUCAP)
DRV:64bit: - [2009/01/07 09:35:40 | 000,056,832 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sustucam.sys -- (SUSTUCAM)
DRV:64bit: - [2008/06/26 06:10:10 | 000,457,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/06/16 06:59:30 | 000,125,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/06/16 06:58:58 | 007,709,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/06/12 23:45:00 | 000,019,880 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2008/06/12 23:44:54 | 000,120,872 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2008/06/12 23:44:54 | 000,036,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/06/12 23:44:52 | 000,092,200 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2008/06/09 23:47:00 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV:64bit: - [2008/06/09 23:46:52 | 001,372,664 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/06/04 01:54:58 | 000,316,184 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys -- (OA001Vid)
DRV:64bit: - [2008/06/04 01:54:58 | 000,173,368 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys -- (OA001Ufd)
DRV:64bit: - [2008/06/03 23:56:56 | 000,199,728 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/06/03 05:41:24 | 000,239,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2008/06/03 05:26:06 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008/06/03 05:26:04 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/06/03 05:26:02 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/05/21 03:46:24 | 000,059,392 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)
DRV:64bit: - [2008/01/20 21:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2006/11/02 02:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {5E81B497-B701-4EEC-8660-2BCA707B943D}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{5E81B497-B701-4EEC-8660-2BCA707B943D}: "URL" = http://www.google.co...1I7GPEA_enUS303
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{9166BC95-9BAC-49D3-9413-7293CB0ECEC7}: "URL" = http://search.about....s={searchTerms}
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....ms}&fr=chr-tyc8
IE - HKCU\..\SearchScopes\{F6D06027-49CF-470A-97F5-8B243E3D95AB}: "URL" = http://www.ask.com/w...src=0&o=0&l=dir
IE - HKCU\..\SearchScopes\{F74F753E-8D4D-4117-9646-F17E5F047CC4}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\Comcast: "URL" = http://search.comcas...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Answers.com"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.1
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..keyword.URL: "http://search.yahoo....ch?fr=ffds1&p="


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files (x86)\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010/03/16 20:12:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/01/06 00:25:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/22 19:10:35 | 000,000,000 | ---D | M]

[2008/08/05 01:10:18 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\michelle618\AppData\Roaming\Mozilla\Extensions
[2012/05/03 18:17:25 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\michelle618\AppData\Roaming\Mozilla\Firefox\Profiles\5bsmabgk.default\extensions
[2009/12/17 08:30:40 | 000,000,000 | -H-D | M] ("ColorfulTabs") -- C:\Users\michelle618\AppData\Roaming\Mozilla\Firefox\Profiles\5bsmabgk.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/09/04 22:48:52 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\michelle618\AppData\Roaming\Mozilla\Firefox\Profiles\5bsmabgk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/21 08:31:02 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Users\michelle618\AppData\Roaming\Mozilla\Firefox\Profiles\5bsmabgk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/08/31 18:47:40 | 000,000,000 | -H-D | M] (Targeted Advertising Cookie Opt-Out (TACO)) -- C:\Users\michelle618\AppData\Roaming\Mozilla\Firefox\Profiles\5bsmabgk.default\extensions\[email protected]
[2012/02/07 22:58:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/03/16 20:12:57 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES (X86)\GOOGLE\GOOGLE GEARS\FIREFOX
[2008/01/04 03:38:50 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npbittorrent.dll
[2011/12/09 12:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

O1 HOSTS File: ([2008/07/14 00:55:35 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files (x86)\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [cnAjllxrOCI.exe] C:\ProgramData\cnAjllxrOCI.exe ( )
O4 - HKCU..\Run: [Easy Dock] File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Bejeweled%202/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlcm.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Bejeweled%202/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh...aploader_v6.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE99E5B6-49B1-43CE-8EF9-CD0185398B8E}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GO333C~1\GoogleDesktopNetwork3.dll) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img6.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img6.jpg
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/14 05:48:11 | 000,000,000 | -H-D | C] -- C:\ProgramData\HitmanPro
[2012/05/14 02:17:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/14 02:17:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/14 01:40:30 | 000,000,000 | -H-D | C] -- C:\Users\michelle618\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery
[2012/05/10 03:11:00 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/05/09 19:41:47 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jnwmon.dll
[2012/05/09 19:41:43 | 001,556,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/09 19:41:42 | 002,002,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012/05/09 19:41:42 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/05/09 19:41:42 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012/05/09 19:41:41 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/05/09 19:40:58 | 004,699,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/04/27 03:02:15 | 000,000,000 | ---D | C] -- C:\Windows\TempBA89CA02-D233-2498-1A99-359441EF65C1-Signatures
[2012/04/22 09:19:22 | 000,000,000 | -H-D | C] -- C:\Users\michelle618\Desktop\New Folder (2)
[2 C:\Users\michelle618\Desktop\*.tmp files -> C:\Users\michelle618\Desktop\*.tmp -> ]
[1 C:\Users\michelle618\Documents\*.tmp files -> C:\Users\michelle618\Documents\*.tmp -> ]
[1 C:\Users\michelle618\AppData\Local\*.tmp files -> C:\Users\michelle618\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/14 07:17:37 | 000,001,460 | ---- | M] () -- C:\Users\michelle618\AppData\Local\d3d9caps64.dat
[2012/05/14 07:11:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/14 07:09:20 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/14 07:09:20 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/14 07:09:19 | 000,004,268 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/05/14 06:33:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/14 06:11:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/05/14 06:08:30 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/14 06:08:11 | 000,030,496 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012/05/14 06:04:41 | 000,001,530 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2012/05/14 02:12:43 | 000,000,112 | -H-- | M] () -- C:\Users\michelle618\Desktop\rk-proxy.reg
[2012/05/14 01:46:42 | 000,000,176 | -H-- | M] () -- C:\ProgramData\-PbDoc5nUxAFRJIr
[2012/05/14 01:46:42 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-PbDoc5nUxAFRJI
[2012/05/14 01:46:39 | 000,000,633 | -H-- | M] () -- C:\Users\michelle618\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/05/14 01:46:33 | 000,000,256 | -H-- | M] () -- C:\ProgramData\PbDoc5nUxAFRJI
[2012/05/14 01:40:30 | 000,000,609 | -H-- | M] () -- C:\Users\michelle618\Desktop\Data_Recovery.lnk
[2012/05/14 01:39:58 | 000,277,504 | -H-- | M] ( ) -- C:\ProgramData\PbDoc5nUxAFRJI.exe
[2012/05/14 01:26:44 | 000,383,488 | -H-- | M] ( ) -- C:\ProgramData\cnAjllxrOCI.exe
[2012/05/10 05:37:47 | 000,397,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/10 03:25:39 | 000,722,512 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/10 03:25:39 | 000,606,880 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/10 03:25:39 | 000,105,448 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/27 03:04:51 | 000,002,141 | ---- | M] () -- C:\Windows\epplauncher.mif
[2 C:\Users\michelle618\Desktop\*.tmp files -> C:\Users\michelle618\Desktop\*.tmp -> ]
[1 C:\Users\michelle618\Documents\*.tmp files -> C:\Users\michelle618\Documents\*.tmp -> ]
[1 C:\Users\michelle618\AppData\Local\*.tmp files -> C:\Users\michelle618\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/14 06:08:11 | 000,030,496 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012/05/14 06:04:41 | 000,001,530 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2012/05/14 02:12:43 | 000,000,112 | -H-- | C] () -- C:\Users\michelle618\Desktop\rk-proxy.reg
[2012/05/14 01:46:39 | 000,000,633 | -H-- | C] () -- C:\Users\michelle618\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/05/14 01:40:31 | 000,000,176 | -H-- | C] () -- C:\ProgramData\-PbDoc5nUxAFRJIr
[2012/05/14 01:40:31 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-PbDoc5nUxAFRJI
[2012/05/14 01:40:30 | 000,000,609 | -H-- | C] () -- C:\Users\michelle618\Desktop\Data_Recovery.lnk
[2012/05/14 01:40:16 | 000,000,256 | -H-- | C] () -- C:\ProgramData\PbDoc5nUxAFRJI
[2012/05/14 01:39:58 | 000,277,504 | -H-- | C] ( ) -- C:\ProgramData\PbDoc5nUxAFRJI.exe
[2012/05/14 01:29:04 | 000,383,488 | -H-- | C] ( ) -- C:\ProgramData\cnAjllxrOCI.exe
[2012/02/07 19:36:29 | 001,036,288 | ---- | C] () -- C:\Windows\SysWow64\lxdudrs.dll
[2012/02/07 19:36:29 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxducaps.dll
[2012/02/07 19:36:29 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxducnv4.dll
[2011/05/31 00:05:01 | 000,000,000 | -H-- | C] () -- C:\Users\michelle618\AppData\Local\{529D51F3-E2D5-4A1F-B241-E9B3C8BBA379}
[2011/05/23 13:10:05 | 000,000,000 | -H-- | C] () -- C:\Users\michelle618\AppData\Local\{2F510375-0214-4A26-AAB5-2353BF37E387}
[2011/03/29 15:22:01 | 000,722,192 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/11 20:36:33 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/03/09 22:08:37 | 000,683,801 | ---- | C] () -- C:\Windows\unins000.exe
[2011/03/09 22:08:37 | 000,005,480 | ---- | C] () -- C:\Windows\unins000.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C7F04040
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:57DC3B52

< End of report >
  • 0

Advertisements


#2
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Hi, TanyaG6! Posted ImageMy nick name is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.


Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.





Step 1.

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Note: If RogueKiller will not run please try it several times, if it still does not run rename it winlogon.com and try it several times.
Posted Image
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
Posted Image
  • The report has been created on the desktop.

  • Next click on ShortcutsFix

    Posted Image
  • The report has been created on the desktop.

Please post:

All RKreport.txt text files located on your desktop.


Step 2.

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL
Posted Image




  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :OTL
    IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}
    IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}
    IE - HKCU\..\SearchScopes\{F6D06027-49CF-470A-97F5-8B243E3D95AB}: "URL" = http://www.ask.com/w...src=0&o=0&l=dir
    [2008/01/04 03:38:50 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npbittorrent.dll
    O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
    [2012/05/14 01:46:42 | 000,000,176 | -H-- | M] () -- C:\ProgramData\-PbDoc5nUxAFRJIr
    [2012/05/14 01:46:42 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-PbDoc5nUxAFRJI
    [2012/05/14 01:46:39 | 000,000,633 | -H-- | M] () -- C:\Users\michelle618\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
    [2012/05/14 01:46:33 | 000,000,256 | -H-- | M] () -- C:\ProgramData\PbDoc5nUxAFRJI
    [2012/05/14 01:40:30 | 000,000,609 | -H-- | M] () -- C:\Users\michelle618\Desktop\Data_Recovery.lnk
    [2012/05/14 01:39:58 | 000,277,504 | -H-- | M] ( ) -- C:\ProgramData\PbDoc5nUxAFRJI.exe
    [2012/05/14 01:26:44 | 000,383,488 | -H-- | M] ( ) -- C:\ProgramData\cnAjllxrOCI.exe
    
    
    
    
    :files
    ipconfig /flushdns /c
    
    
    :reg
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [createrestorepoint]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 3.

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

If it does not run rename it iexplore.exe and try it again.


Step 4.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select Scan All Users
  • Select Lop Check and Purity Check
  • Under Extra Registry select Use SafeList
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    C:\Windows\assembly\tmp\U\*.* /s
    C:\Program Files\Common Files\ComObjects\*.* /s
    C:\windows\*. /RP /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


Step 5.

Please post:

All RKreport.txt files
OTL fix log
aswMBR log
OTL.txt
Extras.txt


Please update me on the issues with your computer that remain
  • 0

#3
TanyaG6

TanyaG6

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
REPORT 1
RogueKiller V7.4.4 [05/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Safe mode with network support
User: michelle618 [Admin rights]
Mode: Scan -- Date: 05/14/2012 17:17:39

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] exeHelper.com -- C:\Users\michelle618\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BFJUZL2L\exeHelper.com -> KILLED [TermProc]

¤¤¤ Registry Entries: 22 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : cnAjllxrOCI.exe (C:\ProgramData\cnAjllxrOCI.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-761255007-4257669193-40547742-1000[...]\Run : cnAjllxrOCI.exe (C:\ProgramData\cnAjllxrOCI.exe) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVT-75ZCT1 ATA Device +++++
--- User ---
[MBR] 96b7b996ded6689afb29af830b52964d
[BSP] 1443d842b4cab0996f235e857ef3b6bd : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 78 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 161792 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21133312 | Size: 294925 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt



REPORT 2

RogueKiller V7.4.4 [05/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Safe mode with network support
User: michelle618 [Admin rights]
Mode: Remove -- Date: 05/14/2012 17:18:14

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] exeHelper.com -- C:\Users\michelle618\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BFJUZL2L\exeHelper.com -> KILLED [TermProc]

¤¤¤ Registry Entries: 21 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : cnAjllxrOCI.exe (C:\ProgramData\cnAjllxrOCI.exe) -> DELETED
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> NOT REMOVED, USE PROXYFIX
[HJ] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVT-75ZCT1 ATA Device +++++
--- User ---
[MBR] 96b7b996ded6689afb29af830b52964d
[BSP] 1443d842b4cab0996f235e857ef3b6bd : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 78 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 161792 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21133312 | Size: 294925 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



REPORT 3
RogueKiller V7.4.4 [05/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Safe mode with network support
User: michelle618 [Admin rights]
Mode: Shortcuts HJfix -- Date: 05/14/2012 17:20:53

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] exeHelper.com -- C:\Users\michelle618\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BFJUZL2L\exeHelper.com -> KILLED [TermProc]

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 704 / Fail 0
Quick launch: Success 15 / Fail 0
Programs: Success 4347 / Fail 0
Start menu: Success 42 / Fail 0
User folder: Success 25264 / Fail 0
My documents: Success 1243 / Fail 0
My favorites: Success 233 / Fail 0
My pictures: Success 1185 / Fail 0
My music: Success 56504 / Fail 0
My videos: Success 4 / Fail 0
Local drives: Success 3607 / Fail 0
Backup: [FOUND] Success 32 / Fail 1

Drives:
[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[F:] \Device\CdRom0 -- 0x5 --> Skipped

¤¤¤ Infection : Rogue.FakeHDD ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
  • 0

#4
TanyaG6

TanyaG6

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I dont have the OTL icon on my desktop. Couldnt find it under search option. What should I do?

Thanks so much for helping me!
  • 0

#5
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts

I dont have the OTL icon on my desktop. Couldnt find it under search option. What should I do?

That is OK no worries at all.

Just redownload it from here.

Then continue with Step 2. in Post #2.

And once you complete step 2 you should finish the rest of the steps in Post #2
  • 0

#6
TanyaG6

TanyaG6

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F6D06027-49CF-470A-97F5-8B243E3D95AB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6D06027-49CF-470A-97F5-8B243E3D95AB}\ not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npbittorrent.dll moved successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\ProgramData\-PbDoc5nUxAFRJIr moved successfully.
C:\ProgramData\-PbDoc5nUxAFRJI moved successfully.
C:\Users\michelle618\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk moved successfully.
C:\ProgramData\PbDoc5nUxAFRJI moved successfully.
C:\Users\michelle618\Desktop\Data_Recovery.lnk moved successfully.
C:\ProgramData\PbDoc5nUxAFRJI.exe moved successfully.
C:\ProgramData\cnAjllxrOCI.exe moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\michelle618\Downloads\cmd.bat deleted successfully.
C:\Users\michelle618\Downloads\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: michelle618
->Temp folder emptied: 100816786 bytes
->Temporary Internet Files folder emptied: 1276703452 bytes
->Java cache emptied: 76792717 bytes
->FireFox cache emptied: 77901699 bytes
->Flash cache emptied: 14390539 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Sunshine
->Temp folder emptied: 200516 bytes
->Temporary Internet Files folder emptied: 12061701 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 16652 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 570200604 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 25784234 bytes

Total Files Cleaned = 2,055.00 mb

Unable to start System Restore Service. Error code 1084

OTL by OldTimer - Version 3.2.43.0 log created on 05142012_190039
  • 0

#7
TanyaG6

TanyaG6

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-14 20:20:20
-----------------------------
20:20:20.741 OS Version: Windows x64 6.0.6002 Service Pack 2
20:20:20.741 Number of processors: 2 586 0x1706
20:20:20.741 ComputerName: MICHELLE618-PC UserName: michelle618
20:20:22.395 Initialize success
20:29:13.419 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:29:13.419 Disk 0 Vendor: WDC_WD3200BEVT-75ZCT1 11.01A11 Size: 305245MB BusType: 3
20:29:13.434 Disk 0 MBR read successfully
20:29:13.450 Disk 0 MBR scan
20:29:13.450 Disk 0 Windows VISTA default MBR code
20:29:13.497 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
20:29:13.543 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 161792
20:29:13.559 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 294925 MB offset 21133312
20:29:13.590 Disk 0 scanning C:\Windows\system32\drivers
20:29:23.793 Service scanning
20:29:45.211 Modules scanning
20:29:45.227 Disk 0 trace - called modules:
20:29:45.274 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
20:29:45.274 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80047db060]
20:29:45.274 3 CLASSPNP.SYS[fffffa6000fd2c33] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80045da940]
20:29:45.274 Scan finished successfully
20:36:07.957 Disk 0 MBR has been saved successfully to "C:\Users\michelle618\Desktop\MBR.dat"
20:36:07.973 The log file has been saved successfully to "C:\Users\michelle618\Desktop\aswMBR.txt"
  • 0

#8
TanyaG6

TanyaG6

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
OTL program freezes everytime I click run scan...

It dosent appear to be responding or working.

All my windows are closed except Internet Explorer.

When my computer gives the message OTL cant be stored to temp files...but will not respond when I attempt to "save as" so I can choose a location. I tried to work around by chosing to "save and run" maybe that's the problem? I dont have the program saved anywhere on my computer (to my knowledge).

Thanks

ETA: Should I unselect 64bit users and select scan all users or make sure both are selected. I left both selected

Edited by TanyaG6, 14 May 2012 - 08:06 PM.

  • 0

#9
TanyaG6

TanyaG6

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
sorry...it did run!

OTL.Txt
seOTL logfile created on: 5/14/2012 8:55:21 PM - Run 2
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\michelle618\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.97 Gb Available Physical Memory | 74.34% Memory free
4.16 Gb Paging File | 3.31 Gb Available in Paging File | 79.45% Paging File free
Paging file location(s): c:\pagefile.sys 300 500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.01 Gb Total Space | 21.53 Gb Free Space | 7.48% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.92 Gb Free Space | 99.21% Space Free | Partition Type: NTFS

Computer Name: MICHELLE618-PC | User Name: michelle618 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/14 20:54:32 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\michelle618\Downloads\OTL (4).exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2010/04/29 11:30:44 | 000,091,456 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/29 16:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2007/05/31 11:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 11:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/04/26 10:38:48 | 000,033,712 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdiserv.exe -- (lxdiCATSCustConnectService)
SRV - [2007/04/26 10:38:38 | 000,517,040 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysWOW64\lxdicoms.exe -- (lxdi_device)


========== Driver Services (SafeList) ==========


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {2381E4B7-5C04-459E-9D46-2F9AC1608B66}
IE - HKU\S-1-5-19\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp
IE - HKU\S-1-5-19\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {2381E4B7-5C04-459E-9D46-2F9AC1608B66}
IE - HKU\S-1-5-20\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp
IE - HKU\S-1-5-20\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}

IE - HKU\S-1-5-21-761255007-4257669193-40547742-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKU\S-1-5-21-761255007-4257669193-40547742-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-761255007-4257669193-40547742-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-761255007-4257669193-40547742-1000\..\SearchScopes,DefaultScope = {5E81B497-B701-4EEC-8660-2BCA707B943D}
IE - HKU\S-1-5-21-761255007-4257669193-40547742-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-761255007-4257669193-40547742-1000\..\SearchScopes\{5E81B497-B701-4EEC-8660-2BCA707B943D}: "URL" = http://www.google.co...1I7GPEA_enUS303
IE - HKU\S-1-5-21-761255007-4257669193-40547742-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-761255007-4257669193-40547742-1000\..\SearchScopes\{9166BC95-9BAC-49D3-9413-7293CB0ECEC7}: "URL" = http://search.about....s={searchTerms}
IE - HKU\S-1-5-21-761255007-4257669193-40547742-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....ms}&fr=chr-tyc8
IE - HKU\S-1-5-21-761255007-4257669193-40547742-1000\..\SearchScopes\{F74F753E-8D4D-4117-9646-F17E5F047CC4}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKU\S-1-5-21-761255007-4257669193-40547742-1000\..\SearchScopes\Comcast: "URL" = http://search.comcas...q={searchTerms}
IE - HKU\S-1-5-21-761255007-4257669193-40547742-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Answers.com"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.1
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..keyword.URL: "http://search.yahoo....ch?fr=ffds1&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files (x86)\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010/03/16 20:12:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/01/06 00:25:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/14 19:00:39 | 000,000,000 | ---D | M]

[2008/08/05 01:10:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\michelle618\AppData\Roaming\Mozilla\Extensions
[2012/05/03 18:17:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\michelle618\AppData\Roaming\Mozilla\Firefox\Profiles\5bsmabgk.default\extensions
[2009/12/17 08:30:40 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\michelle618\AppData\Roaming\Mozilla\Firefox\Profiles\5bsmabgk.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/09/04 22:48:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\michelle618\AppData\Roaming\Mozilla\Firefox\Profiles\5bsmabgk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/21 08:31:02 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\michelle618\AppData\Roaming\Mozilla\Firefox\Profiles\5bsmabgk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/08/31 18:47:40 | 000,000,000 | ---D | M] (Targeted Advertising Cookie Opt-Out (TACO)) -- C:\Users\michelle618\AppData\Roaming\Mozilla\Firefox\Profiles\5bsmabgk.default\extensions\[email protected]
[2012/02/07 22:58:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/03/16 20:12:57 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES (X86)\GOOGLE\GOOGLE GEARS\FIREFOX
[2011/12/09 12:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

O1 HOSTS File: ([2012/05/14 19:01:42 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files (x86)\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-761255007-4257669193-40547742-1000..\Run: [Easy Dock] File not found
O4 - HKU\S-1-5-21-761255007-4257669193-40547742-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-761255007-4257669193-40547742-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-761255007-4257669193-40547742-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-761255007-4257669193-40547742-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-761255007-4257669193-40547742-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-761255007-4257669193-40547742-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-761255007-4257669193-40547742-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-761255007-4257669193-40547742-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Bejeweled%202/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlcm.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Bejeweled%202/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh...aploader_v6.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE99E5B6-49B1-43CE-8EF9-CD0185398B8E}: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GO333C~1\GoogleDesktopNetwork3.dll) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img6.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img6.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084

========== Files/Folders - Created Within 30 Days ==========

[2012/05/14 19:00:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/14 17:17:24 | 000,000,000 | ---D | C] -- C:\Users\michelle618\Desktop\RK_Quarantine
[2012/05/14 08:32:26 | 000,000,000 | ---D | C] -- C:\Users\michelle618\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Virus Remover
[2012/05/14 08:32:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart Virus Remover
[2012/05/14 05:48:11 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/05/14 02:17:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/14 02:17:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/14 01:40:30 | 000,000,000 | ---D | C] -- C:\Users\michelle618\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery
[2012/05/10 03:11:00 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/04/27 03:02:15 | 000,000,000 | ---D | C] -- C:\Windows\TempBA89CA02-D233-2498-1A99-359441EF65C1-Signatures
[2012/04/22 09:19:22 | 000,000,000 | ---D | C] -- C:\Users\michelle618\Desktop\New Folder (2)
[2 C:\Users\michelle618\Desktop\*.tmp files -> C:\Users\michelle618\Desktop\*.tmp -> ]
[1 C:\Users\michelle618\Documents\*.tmp files -> C:\Users\michelle618\Documents\*.tmp -> ]
[1 C:\Users\michelle618\AppData\Local\*.tmp files -> C:\Users\michelle618\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/14 20:36:07 | 000,000,512 | ---- | M] () -- C:\Users\michelle618\Desktop\MBR.dat
[2012/05/14 20:25:23 | 000,001,460 | ---- | M] () -- C:\Users\michelle618\AppData\Local\d3d9caps64.dat
[2012/05/14 20:01:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/14 17:55:00 | 000,004,268 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/05/14 17:54:19 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/05/14 17:48:07 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/14 08:32:26 | 000,001,114 | ---- | M] () -- C:\Users\michelle618\Desktop\Smart Virus Remover.lnk
[2012/05/14 06:33:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/14 02:17:20 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/14 02:12:43 | 000,000,112 | ---- | M] () -- C:\Users\michelle618\Desktop\rk-proxy.reg
[2012/04/27 03:04:51 | 000,002,141 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/04/14 23:02:46 | 000,002,661 | ---- | M] () -- C:\Users\michelle618\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2010.lnk
[2 C:\Users\michelle618\Desktop\*.tmp files -> C:\Users\michelle618\Desktop\*.tmp -> ]
[1 C:\Users\michelle618\Documents\*.tmp files -> C:\Users\michelle618\Documents\*.tmp -> ]
[1 C:\Users\michelle618\AppData\Local\*.tmp files -> C:\Users\michelle618\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/14 20:36:07 | 000,000,512 | ---- | C] () -- C:\Users\michelle618\Desktop\MBR.dat
[2012/05/14 17:18:33 | 000,002,129 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910.lnk
[2012/05/14 17:18:33 | 000,002,117 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/05/14 17:18:33 | 000,001,939 | ---- | C] () -- C:\Users\Public\Desktop\Susteen Launcher.lnk
[2012/05/14 17:18:33 | 000,001,919 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/05/14 17:18:33 | 000,001,904 | ---- | C] () -- C:\Users\Public\Desktop\Play Penguins!.lnk
[2012/05/14 17:18:33 | 000,001,803 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8500 A910.lnk
[2012/05/14 17:18:33 | 000,001,643 | ---- | C] () -- C:\Users\Public\Desktop\Quicken Home & Business 2011.lnk
[2012/05/14 17:18:33 | 000,001,129 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910 Scan.lnk
[2012/05/14 17:18:33 | 000,001,127 | ---- | C] () -- C:\Users\Public\Desktop\Google Desktop.lnk
[2012/05/14 17:18:33 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Officejet Pro 8500 A910.lnk
[2012/05/14 17:18:33 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\Cooking Academy.lnk
[2012/05/14 17:18:33 | 000,000,972 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012/05/14 17:18:33 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/14 17:18:33 | 000,000,840 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk
[2012/05/14 17:18:33 | 000,000,840 | ---- | C] () -- C:\Users\michelle618\Application Data\Microsoft\Internet Explorer\Quick Launch\Zune.lnk
[2012/05/14 17:18:33 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2012/05/14 17:18:33 | 000,000,357 | ---- | C] () -- C:\Users\Public\Desktop\Free Credit Report and Score.url
[2012/05/14 17:18:33 | 000,000,342 | ---- | C] () -- C:\Users\Public\Desktop\Complete Installation of Lexmark 5600-6600 Series.LNK
[2012/05/14 17:18:32 | 000,002,661 | ---- | C] () -- C:\Users\michelle618\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2010.lnk
[2012/05/14 17:18:32 | 000,002,629 | ---- | C] () -- C:\Users\michelle618\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft PowerPoint 2010.lnk
[2012/05/14 17:18:32 | 000,002,619 | ---- | C] () -- C:\Users\michelle618\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel 2010.lnk
[2012/05/14 17:18:32 | 000,002,617 | ---- | C] () -- C:\Users\michelle618\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Access 2010.lnk
[2012/05/14 17:18:32 | 000,002,593 | ---- | C] () -- C:\Users\michelle618\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft OneNote 2010.lnk
[2012/05/14 17:18:32 | 000,001,804 | ---- | C] () -- C:\Users\michelle618\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/05/14 17:18:32 | 000,000,996 | ---- | C] () -- C:\Users\michelle618\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/05/14 17:18:32 | 000,000,975 | ---- | C] () -- C:\Users\michelle618\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/14 17:18:32 | 000,000,970 | ---- | C] () -- C:\Users\michelle618\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/05/14 17:18:32 | 000,000,844 | ---- | C] () -- C:\Users\michelle618\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2012/05/14 17:18:32 | 000,000,258 | ---- | C] () -- C:\Users\michelle618\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/05/14 17:18:32 | 000,000,240 | ---- | C] () -- C:\Users\michelle618\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/05/14 08:32:26 | 000,001,114 | ---- | C] () -- C:\Users\michelle618\Desktop\Smart Virus Remover.lnk
[2012/05/14 02:12:43 | 000,000,112 | ---- | C] () -- C:\Users\michelle618\Desktop\rk-proxy.reg
[2012/02/07 19:36:29 | 001,036,288 | ---- | C] () -- C:\Windows\SysWow64\lxdudrs.dll
[2012/02/07 19:36:29 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxducaps.dll
[2012/02/07 19:36:29 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxducnv4.dll
[2011/05/31 00:05:01 | 000,000,000 | ---- | C] () -- C:\Users\michelle618\AppData\Local\{529D51F3-E2D5-4A1F-B241-E9B3C8BBA379}
[2011/05/23 13:10:05 | 000,000,000 | ---- | C] () -- C:\Users\michelle618\AppData\Local\{2F510375-0214-4A26-AAB5-2353BF37E387}
[2011/03/29 15:22:01 | 000,722,192 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/11 20:36:33 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/03/09 22:08:37 | 000,683,801 | ---- | C] () -- C:\Windows\unins000.exe
[2011/03/09 22:08:37 | 000,005,480 | ---- | C] () -- C:\Windows\unins000.dat

========== LOP Check ==========

[2008/10/02 18:17:26 | 000,000,000 | ---D | M] -- C:\Users\michelle618\AppData\Roaming\ITTNord
[2009/02/05 21:45:52 | 000,000,000 | ---D | M] -- C:\Users\michelle618\AppData\Roaming\Lexmark Productivity Studio
[2009/01/16 17:11:59 | 000,000,000 | ---D | M] -- C:\Users\michelle618\AppData\Roaming\OpenOffice.org
[2008/08/05 01:33:17 | 000,000,000 | ---D | M] -- C:\Users\michelle618\AppData\Roaming\PeerNetworking
[2009/03/18 01:26:15 | 000,000,000 | ---D | M] -- C:\Users\michelle618\AppData\Roaming\Pogo Games
[2008/11/16 03:27:24 | 000,000,000 | ---D | M] -- C:\Users\michelle618\AppData\Roaming\SecondLife
[2008/12/25 22:47:02 | 000,000,000 | ---D | M] -- C:\Users\michelle618\AppData\Roaming\SpinTop
[2008/08/04 17:55:49 | 000,000,000 | ---D | M] -- C:\Users\michelle618\AppData\Roaming\Template
[2010/01/02 02:06:02 | 000,000,000 | ---D | M] -- C:\Users\michelle618\AppData\Roaming\Tific
[2009/07/08 12:32:27 | 000,000,000 | ---D | M] -- C:\Users\michelle618\AppData\Roaming\uTorrent
[2012/05/14 17:54:59 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/29 01:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 02:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\ERDNT\cache86\explorer.exe
[2009/04/11 02:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 02:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008/10/27 21:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008/10/29 01:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/10/30 00:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 21:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 21:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/01/20 21:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache86\svchost.exe
[2008/01/20 21:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008/01/20 21:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2008/01/20 21:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\ERDNT\cache64\svchost.exe
[2008/01/20 21:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008/01/20 21:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 21:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache86\userinit.exe
[2008/01/20 21:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/20 21:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 21:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\ERDNT\cache64\userinit.exe
[2008/01/20 21:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/20 21:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 02:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009/04/11 02:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009/04/11 02:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 21:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 21:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = NETBT
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys
"Description" = This service implements NetBios over TCP/IP.
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
"DhcpNodeType" = 8
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{A32E2B4E-EB81-4865-BFF1-E440FAF1DDB3}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{A7F45A49-3021-488E-9E2B-C208762D5AFD}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{DE99E5B6-49B1-43CE-8EF9-CD0185398B8E}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 07 01 04 01 02 01 00 01 06 01 09 01 0B 01 08 01 05 01 03 01 01 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 11
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010/01/06 00:25:54 | 000,552,160 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010/01/06 00:25:54 | 000,552,160 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/01/06 00:25:54 | 000,552,160 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2010/01/06 00:25:54 | 000,908,248 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2010/01/06 00:25:54 | 000,908,248 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2010/01/06 00:25:54 | 000,908,248 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2011/05/06 19:08:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2011/05/06 19:08:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2011/05/06 19:08:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/05/06 19:08:24 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2011/05/06 19:08:24 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/05/06 19:08:14 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/05/06 19:08:14 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/05/06 19:08:14 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/05/06 19:08:24 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2011/05/06 19:08:24 | 000,748,336 | ---- | M] (Microsoft Corporation)

< C:\Windows\assembly\tmp\U\*.* /s >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< C:\windows\*. /RP /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.0.6002
Copyright © 1999-2007 Microsoft Corporation.
On computer: MICHELLE618-PC
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 F RAW DVD-ROM 2048 B Healthy
Volume 1 D RECOVERY NTFS Partition 10 GB Healthy
Volume 2 C OS NTFS Partition 288 GB Healthy System

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\SysWOW64\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\windows\SysWOW64\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\windows\SysWOW64\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\windows\SysWOW64\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\windows\SysWOW64\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\windows\SysWOW64\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\SysWOW64\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\windows\SysWOW64\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\windows\SysWOW64\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\windows\SysWOW64\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\windows\SysWOW64\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\windows\SysWOW64\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\windows\SysWOW64\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C7F04040
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:57DC3B52

< End of report >





EXTRAS.txt

OTL Extras logfile created on: 5/14/2012 8:55:21 PM - Run 2
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\michelle618\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.97 Gb Available Physical Memory | 74.34% Memory free
4.16 Gb Paging File | 3.31 Gb Available in Paging File | 79.45% Paging File free
Paging file location(s): c:\pagefile.sys 300 500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.01 Gb Total Space | 21.53 Gb Free Space | 7.48% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.92 Gb Free Space | 99.21% Space Free | Partition Type: NTFS

Computer Name: MICHELLE618-PC | User Name: michelle618 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-761255007-4257669193-40547742-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{056170F8-77DF-45E7-98E6-C7F8C6275735}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0B09C4CD-5B90-42E0-BB97-8D27B28B8BF8}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{11BED819-B214-46F1-806B-141953356F23}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1B1E87EC-FB0D-4702-8256-BFCF807D80FB}" = lport=138 | protocol=17 | dir=in | app=system |
"{246D7468-3F28-4DC3-8543-1F2D77832FFB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{2DD68B0A-323D-4B20-BAF4-B08FFC39CA48}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3E852B88-6D7C-42E1-9B10-25665B1F8FFC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3F141A2D-5E6C-45A5-8CCE-D6CC8FD68FB1}" = lport=137 | protocol=17 | dir=in | app=system |
"{499D7E5B-80A0-43CD-9F13-D5BD915078EF}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{4A2AAE05-6260-474D-AE22-150E3509191B}" = rport=2869 | protocol=6 | dir=out | app=system |
"{58ACDAA5-73F7-4754-B92E-58F530F02CEC}" = rport=138 | protocol=17 | dir=out | app=system |
"{5CBB11E2-A211-4D4B-86D5-D8256D9352E6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{63AD7DA1-8BF1-4F72-AC3B-E91F7DF8D780}" = lport=445 | protocol=6 | dir=in | app=system |
"{969ABC4E-C720-410B-BB8B-E715A62572A6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9AD13258-911B-409D-81A0-9EDEFC69B02F}" = lport=139 | protocol=6 | dir=in | app=system |
"{A3B548F5-B83D-44AF-9FD1-7C67FAC8358E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AAD4F92C-2616-4413-9DB7-F5F3EFDFF2E6}" = rport=137 | protocol=17 | dir=out | app=system |
"{AD52531B-2904-4A03-98CA-02736B4973FE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B139F1BD-D22B-4BCF-AF77-E2C174CC245B}" = rport=139 | protocol=6 | dir=out | app=system |
"{BCBD3130-21A2-40CA-AB22-7C86B6405363}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CD59E230-7143-4503-88FE-E01677C38AD7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D15B5DA3-3A4D-4D02-B3AB-070A21B559D9}" = rport=445 | protocol=6 | dir=out | app=system |
"{D3163369-5563-4923-A789-0CABB6A56124}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{D4BAB3F4-D94E-4A71-867A-25D0FBD5F9EB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DDF973B7-00E1-4D35-9D24-30D39957A341}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{EA71B870-9D31-4AE7-97CF-356BEAFCFFE1}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{FA580432-E9B6-4EB0-806B-8028D9DF0D16}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FE6B6A1A-1F75-472E-BE37-1D526B74AFC4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{012B0BCC-1720-4E39-AC6C-7E1A28B04A12}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{047CDCDF-7C09-4C18-BEEF-7C6B7A00A5A7}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{060E8D3E-93D7-473D-AE11-E810162F124C}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{061777C8-B0EE-4BBB-AF9D-B0D92290E3ED}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0B9AF5C9-435C-49C8-860B-F3CA3C370070}" = dir=in | app=c:\program files (x86)\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{0CD4E40C-C26B-4629-8241-C2059B1D032A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0DD1AE12-E369-429E-905C-5FFFFE5A5317}" = dir=in | app=c:\program files (x86)\dell\mediadirect\kernel\dms\clmsservice.exe |
"{14318FE2-6D70-45FC-830C-C4BB3EF4C75A}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{1560C3A5-CE7F-4A8F-B762-1B2964A2354D}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxditime.exe |
"{16840DC3-21A3-45FF-88B3-131CC8FF070A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1C21CB8F-649C-444D-8AD4-F8C45FE944CC}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{1DB2207B-B661-4DF3-BD83-C86BBC580205}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{27F02AD7-99B4-49B2-99EF-40C912DB782D}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{3137DECE-0876-4875-8287-FE6A02E0A4A6}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{357A8688-2995-46FF-BDD1-326CE3792112}" = protocol=58 | dir=in | [email protected],-28545 |
"{367632C8-B4C4-426C-BC37-CF5741A43C47}" = dir=in | app=c:\program files (x86)\dell\mediadirect\pcmservice.exe |
"{373E9BEE-9B7D-4BEE-A397-FFDC2F8F54F3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3BE830EE-1CA4-4E12-B7ED-8AE4E4A2E545}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4C42F400-3315-43BB-8DB0-4A702375435C}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdicoms.exe |
"{4FE947DB-CFD2-4E34-9498-2F97963EE66A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{55181CC3-D033-4EDE-BCBB-8E5BFF525BC4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{557EBA09-7F63-45B4-AE06-4137ECDBAF47}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5985D0EF-06FA-4472-9D22-2A67CEF43D28}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5B28712B-9A73-438C-8A19-5D558CEC9230}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{5B6F631A-2DE9-45C9-8F93-2F5F0B513699}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5C0F4429-854C-4A45-BCA9-ECA1F87A4B67}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3500-4500 series\lxdimon.exe |
"{67906598-7D77-46E2-9DD0-09F72AFD9055}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
"{6B620CE4-F1FC-4C65-AB48-850653CB8A34}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxditime.exe |
"{6BD39850-A8FD-4670-99AC-2247833B2277}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{7268E0ED-368E-41D7-B0F4-5E308841E6B8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{74AEE663-6353-484A-A5D2-89D7C937389F}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{775A3754-64EA-46AE-AFA4-8D57F2285D2D}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3500-4500 series\lxdiamon.exe |
"{783228A5-9169-4CFA-90AF-E96084C6782D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{78F2D88B-52E6-4B20-B272-023548E570D0}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3500-4500 series\lxdimon.exe |
"{81B2BD83-7B09-4F03-9AB7-86F9B572B29A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{86637361-ACF8-415A-AD1B-06E0BBDF4219}" = protocol=58 | dir=out | [email protected],-28546 |
"{86B44815-BEB3-4924-B6A7-24FBBF278150}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{877FA3D1-9531-4E98-9E38-E1663D43A428}" = protocol=6 | dir=out | app=system |
"{8787B68F-279C-499C-A4D1-ED345AE35292}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3500-4500 series\app4r.exe |
"{89444DA5-0E42-4F34-8E0A-B969FB270167}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark fax solutions\faxctr.exe |
"{8B37AD8F-AEEE-4A62-8F2A-F706ABA47D62}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{8BD84755-0458-4BBE-A777-49FC4899485C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8CFA19B7-0B1D-443E-B668-A07B96920174}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
"{8EE87B9A-E771-4D38-8E34-B3F53047EEC0}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3500-4500 series\app4r.exe |
"{9C8872B7-AA83-4097-917E-AF2836CAD614}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A2E8863E-D1FB-4B13-A26A-8C38DCA125FD}" = protocol=1 | dir=in | [email protected],-28543 |
"{A764A790-97BE-47B7-AA89-C5EB5C6E7A47}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3500-4500 series\lxdiamon.exe |
"{A7E7107E-4AFA-44E8-80A2-5E26557DD8AC}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A84A1132-3763-4D01-8093-4F695ADA168E}" = dir=in | app=c:\program files (x86)\dell\mediadirect\mediadirect.exe |
"{ACBD3C6D-6944-4D22-BA27-8B047A254FF5}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark fax solutions\faxctr.exe |
"{B6571456-2797-4A5C-A9AB-C5CE003492CE}" = protocol=17 | dir=in | app=c:\windows\system32\lxducoms.exe |
"{BC2CADCD-3D4A-490A-84AB-5196DD977A1E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BDFE5207-2225-46E2-A0CD-04625BBD9156}" = protocol=6 | dir=in | app=c:\windows\system32\lxducoms.exe |
"{BEBD71D7-95CE-4D5A-A748-9C7017235E11}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
"{BF98207C-B0D8-49C3-A796-80876D83844E}" = protocol=6 | dir=in | app=c:\windows\system32\lxdicoms.exe |
"{C07975A0-2E6E-4BCC-9560-5C0803E9924F}" = protocol=1 | dir=out | [email protected],-28544 |
"{C25412BF-4935-4730-A544-BC73D07E6C22}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
"{CA544369-046F-4C97-B3B5-FB6FC1D15DDE}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdipswx.exe |
"{CD5D20C1-314A-46AD-ADC0-92EBE4A87355}" = protocol=58 | dir=in | [email protected],-148 |
"{D4386B4D-3730-4EBE-A377-1E096F247418}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdicoms.exe |
"{DD81F8F8-24BF-4F20-BC1C-A58AD0591842}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{E94E0D8F-A54D-4297-8A8A-A3E5033900A4}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{EAC2DC64-D03E-4892-8070-343889515A0B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EE1C73CA-3E4B-417C-8C29-1C5E78384FA7}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdipswx.exe |
"{F9985965-033B-4735-A34D-00BC1C3CBD69}" = protocol=17 | dir=in | app=c:\windows\system32\lxdicoms.exe |
"{FFFED267-246C-44C5-8344-9DC25BD0FE5D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{BFCD478B-DBD6-48D2-A766-C4AE0FE2A772}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{703B56CE-C440-4DAE-8051-B964C3AEA4B8}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{16FCDD97-AE09-476B-88CD-261D852BD34C}" = Marketsplash Shortcuts
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{2EA45803-BEB7-46C4-9ADC-46A5F9E7BB77}" = GEAR driver installer for x86 and x64
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{54AE3C08-D7D8-45FF-9348-0B4BE0D5A6CB}" = Comcast Universal Installer v1.2
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
"{61933675-EFC7-4190-90B6-5AD56E1D9294}" = Marketsplash Print Software
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{750B354A-BF46-45E0-86D6-620026703B92}" = Nancy Drew: The Haunted Carousel
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Help
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{99ED894F-60CF-4D71-A645-442CD041D595}" = Susteen Launcher
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB6E9CF7-7A9B-4973-9A1D-96FB27F4B6AC}" = DataPilot
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DDC5B3E0-C656-4070-9CF0-E592EC60AD42}" = MotoConnect
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Audacity_is1" = Audacity 1.2.6
"Bejeweled 2" = Bejeweled 2
"Bejeweled 2 Deluxe 1.1" = Bejeweled 2 Deluxe 1.1
"Bookworm Deluxe 1.13" = Bookworm Deluxe 1.13
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Cooking Academy" = Cooking Academy
"Dell Video Chat" = Dell Video Chat (remove only)
"Dell Webcam Central" = Dell Webcam Central
"Discovery" = Discovery
"Fashion Apprentice" = Fashion Apprentice
"GameHouse" = GameHouse
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"InstallShield_{99ED894F-60CF-4D71-A645-442CD041D595}" = Susteen Launcher
"InstallShield_{AB6E9CF7-7A9B-4973-9A1D-96FB27F4B6AC}" = DataPilot
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MyITLab ActiveX Installer_is1" = MyITLab ActiveX Installer 2, 9, 8, 65535
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Peggle Deluxe 1.0" = Peggle Deluxe 1.0
"Picasa2" = Picasa 2
"RCA Detective™_is1" = RCA Detective™ 3.0.0.101
"RCA easyRip_is1" = RCA easyRip 2.5.2.0
"RCA Updater_is1" = RCA Updater 1.0.4.0
"Wheel Of Fortune 2" = Wheel Of Fortune 2 (remove only)
"Winamp" = Winamp
"WT016060" = Penguins!
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Mail Advisor" = Yahoo! Mail Advisor
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-761255007-4257669193-40547742-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/14/2008 2:22:58 AM | Computer Name = michelle618-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 7/14/2008 2:22:58 AM | Computer Name = michelle618-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 7/14/2008 2:48:30 AM | Computer Name = michelle618-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/14/2008 2:48:41 AM | Computer Name = michelle618-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 7/14/2008 2:55:43 AM | Computer Name = michelle618-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 3/29/2011 4:25:15 PM | Computer Name = michelle618-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/29/2011 4:28:15 PM | Computer Name = michelle618-PC | Source = EventSystem | ID = 4621
Description =

Error - 3/29/2011 4:29:54 PM | Computer Name = michelle618-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/29/2011 4:53:44 PM | Computer Name = michelle618-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/30/2011 12:01:03 PM | Computer Name = michelle618-PC | Source = WinMgmt | ID = 10
Description =

[ Broadcom Wireless LAN Events ]
Error - 2/14/2012 6:19:13 AM | Computer Name = michelle618-PC | Source = WLAN-Tray | ID = 0
Description = 04:19:12, Tue, Feb 14, 12 Error - Unable to gain access to user store


Error - 2/18/2012 6:26:57 PM | Computer Name = michelle618-PC | Source = WLAN-Tray | ID = 0
Description = 16:26:57, Sat, Feb 18, 12 Error - Unable to gain access to user store


Error - 2/18/2012 6:31:03 PM | Computer Name = michelle618-PC | Source = WLAN-Tray | ID = 0
Description = 16:31:03, Sat, Feb 18, 12 Error - Unable to gain access to user store


Error - 2/18/2012 8:18:25 PM | Computer Name = michelle618-PC | Source = WLAN-Tray | ID = 0
Description = 18:18:24, Sat, Feb 18, 12 Error - Unable to gain access to user store


Error - 2/21/2012 8:07:33 PM | Computer Name = michelle618-PC | Source = WLAN-Tray | ID = 0
Description = 18:07:32, Tue, Feb 21, 12 Error - Unable to gain access to user store


Error - 4/12/2012 11:06:52 PM | Computer Name = michelle618-PC | Source = WLAN-Tray | ID = 0
Description = 22:06:51, Thu, Apr 12, 12 Error - Unable to gain access to user store


Error - 5/14/2012 6:33:13 AM | Computer Name = michelle618-PC | Source = WLAN-Tray | ID = 0
Description = 05:33:12, Mon, May 14, 12 Error - Unable to gain access to user store


[ Media Center Events ]
Error - 10/4/2008 5:35:27 PM | Computer Name = michelle618-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 10/12/2008 12:35:39 PM | Computer Name = michelle618-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 11/9/2008 1:39:55 PM | Computer Name = michelle618-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 2/20/2009 6:42:17 PM | Computer Name = michelle618-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 4/30/2009 12:07:03 AM | Computer Name = michelle618-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/10/2009 1:28:39 PM | Computer Name = michelle618-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 1/26/2009 6:18:40 AM | Computer Name = michelle618-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 1/26/2009 8:36:09 AM | Computer Name = michelle618-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 1/26/2009 9:51:08 AM | Computer Name = michelle618-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 1/26/2009 3:50:32 PM | Computer Name = michelle618-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 1/26/2009 5:46:37 PM | Computer Name = michelle618-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 1/26/2009 8:56:01 PM | Computer Name = michelle618-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 1/27/2009 10:09:48 AM | Computer Name = michelle618-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 1/27/2009 6:53:15 PM | Computer Name = michelle618-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 1/27/2009 11:55:58 PM | Computer Name = michelle618-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 1/28/2009 12:59:58 AM | Computer Name = michelle618-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.


< End of report >
  • 0

#10
TanyaG6

TanyaG6

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
ALL RKreport.txt files:

RogueKiller V7.4.4 [05/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Safe mode with network support
User: michelle618 [Admin rights]
Mode: Scan -- Date: 05/14/2012 17:17:39

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] exeHelper.com -- C:\Users\michelle618\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BFJUZL2L\exeHelper.com -> KILLED [TermProc]

¤¤¤ Registry Entries: 22 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : cnAjllxrOCI.exe (C:\ProgramData\cnAjllxrOCI.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-761255007-4257669193-40547742-1000[...]\Run : cnAjllxrOCI.exe (C:\ProgramData\cnAjllxrOCI.exe) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVT-75ZCT1 ATA Device +++++
--- User ---
[MBR] 96b7b996ded6689afb29af830b52964d
[BSP] 1443d842b4cab0996f235e857ef3b6bd : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 78 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 161792 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21133312 | Size: 294925 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

RogueKiller V7.4.4 [05/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Safe mode with network support
User: michelle618 [Admin rights]
Mode: Remove -- Date: 05/14/2012 17:18:14

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] exeHelper.com -- C:\Users\michelle618\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BFJUZL2L\exeHelper.com -> KILLED [TermProc]

¤¤¤ Registry Entries: 21 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : cnAjllxrOCI.exe (C:\ProgramData\cnAjllxrOCI.exe) -> DELETED
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> NOT REMOVED, USE PROXYFIX
[HJ] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVT-75ZCT1 ATA Device +++++
--- User ---
[MBR] 96b7b996ded6689afb29af830b52964d
[BSP] 1443d842b4cab0996f235e857ef3b6bd : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 78 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 161792 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21133312 | Size: 294925 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



RogueKiller V7.4.4 [05/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Safe mode with network support
User: michelle618 [Admin rights]
Mode: Shortcuts HJfix -- Date: 05/14/2012 17:20:53

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] exeHelper.com -- C:\Users\michelle618\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BFJUZL2L\exeHelper.com -> KILLED [TermProc]

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 704 / Fail 0
Quick launch: Success 15 / Fail 0
Programs: Success 4347 / Fail 0
Start menu: Success 42 / Fail 0
User folder: Success 25264 / Fail 0
My documents: Success 1243 / Fail 0
My favorites: Success 233 / Fail 0
My pictures: Success 1185 / Fail 0
My music: Success 56504 / Fail 0
My videos: Success 4 / Fail 0
Local drives: Success 3607 / Fail 0
Backup: [FOUND] Success 32 / Fail 1

Drives:
[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[F:] \Device\CdRom0 -- 0x5 --> Skipped

¤¤¤ Infection : Rogue.FakeHDD ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
  • 0

Advertisements


#11
TanyaG6

TanyaG6

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
OTL FIX LOG:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F6D06027-49CF-470A-97F5-8B243E3D95AB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6D06027-49CF-470A-97F5-8B243E3D95AB}\ not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npbittorrent.dll moved successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\ProgramData\-PbDoc5nUxAFRJIr moved successfully.
C:\ProgramData\-PbDoc5nUxAFRJI moved successfully.
C:\Users\michelle618\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk moved successfully.
C:\ProgramData\PbDoc5nUxAFRJI moved successfully.
C:\Users\michelle618\Desktop\Data_Recovery.lnk moved successfully.
C:\ProgramData\PbDoc5nUxAFRJI.exe moved successfully.
C:\ProgramData\cnAjllxrOCI.exe moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\michelle618\Downloads\cmd.bat deleted successfully.
C:\Users\michelle618\Downloads\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: michelle618
->Temp folder emptied: 100816786 bytes
->Temporary Internet Files folder emptied: 1276703452 bytes
->Java cache emptied: 76792717 bytes
->FireFox cache emptied: 77901699 bytes
->Flash cache emptied: 14390539 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Sunshine
->Temp folder emptied: 200516 bytes
->Temporary Internet Files folder emptied: 12061701 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 16652 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 570200604 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 25784234 bytes

Total Files Cleaned = 2,055.00 mb

Unable to start System Restore Service. Error code 1084

OTL by OldTimer - Version 3.2.43.0 log created on 05142012_190039

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
File\Folder C:\Users\michelle618\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\AHKC1MAQ\MVl9xUElBUSUyNTI2bnVtJTI1M0QxJTI1MjZzaWclMjUzREFPRDY0XzEyM2NJZ0lORmU2OWpJa2NkUnpKTDV2eWlXTnclMjUyNmNsaWVudCUyNTNEY2EtcHViLTkzODMwODAyODUxNjU2NjUlMjUyNmFkdXJsJTI1M0QX[1].js not found!
File\Folder C:\Users\michelle618\AppData\Local\Temp\~DFA37.tmp not found!
File\Folder C:\Users\michelle618\AppData\Local\Temp\~DFA3F.tmp not found!
File\Folder C:\Users\michelle618\AppData\Local\Temp\~DFAB6.tmp not found!
File\Folder C:\Users\michelle618\AppData\Local\Temp\~DFABC.tmp not found!
File\Folder C:\Users\michelle618\AppData\Local\Temp\~DFCB7.tmp not found!
File\Folder C:\Users\michelle618\AppData\Local\Temp\~DFCBC.tmp not found!
File\Folder C:\Users\michelle618\AppData\Local\Temp\~DFE09.tmp not found!
File\Folder C:\Users\michelle618\AppData\Local\Temp\~DFE0E.tmp not found!
File move failed. C:\Users\michelle618\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat scheduled to be moved on reboot.
File move failed. C:\Users\michelle618\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat scheduled to be moved on reboot.
C:\Users\michelle618\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PWONHJ3X\317892-smart-scan-virus-on-vista-pcwifi-connection[1].htm moved successfully.
C:\Users\michelle618\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PWONHJ3X\dref=http%253A%252F%252Fwww.myfitnesspal[1].htm moved successfully.
C:\Users\michelle618\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PWONHJ3X\fastbutton[2].htm moved successfully.
C:\Users\michelle618\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CK24DGE6\recent[1].htm moved successfully.
C:\Users\michelle618\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CK24DGE6\um[1].htm moved successfully.
C:\Users\michelle618\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\14IHXNO2\fastbutton[1].htm moved successfully.

Registry entries deleted on Reboot...
  • 0

#12
TanyaG6

TanyaG6

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
aswMBR.log
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-14 20:20:20
-----------------------------
20:20:20.741 OS Version: Windows x64 6.0.6002 Service Pack 2
20:20:20.741 Number of processors: 2 586 0x1706
20:20:20.741 ComputerName: MICHELLE618-PC UserName: michelle618
20:20:22.395 Initialize success
20:29:13.419 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:29:13.419 Disk 0 Vendor: WDC_WD3200BEVT-75ZCT1 11.01A11 Size: 305245MB BusType: 3
20:29:13.434 Disk 0 MBR read successfully
20:29:13.450 Disk 0 MBR scan
20:29:13.450 Disk 0 Windows VISTA default MBR code
20:29:13.497 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
20:29:13.543 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 161792
20:29:13.559 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 294925 MB offset 21133312
20:29:13.590 Disk 0 scanning C:\Windows\system32\drivers
20:29:23.793 Service scanning
20:29:45.211 Modules scanning
20:29:45.227 Disk 0 trace - called modules:
20:29:45.274 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
20:29:45.274 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80047db060]
20:29:45.274 3 CLASSPNP.SYS[fffffa6000fd2c33] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80045da940]
20:29:45.274 Scan finished successfully
20:36:07.957 Disk 0 MBR has been saved successfully to "C:\Users\michelle618\Desktop\MBR.dat"
20:36:07.973 The log file has been saved successfully to "C:\Users\michelle618\Desktop\aswMBR.txt"
  • 0

#13
TanyaG6

TanyaG6

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
OTL.txt

seOTL logfile created on: 5/14/2012 8:55:21 PM - Run 2
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\michelle618\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.97 Gb Available Physical Memory | 74.34% Memory free
4.16 Gb Paging File | 3.31 Gb Available in Paging File | 79.45% Paging File free
Paging file location(s): c:\pagefile.sys 300 500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.01 Gb Total Space | 21.53 Gb Free Space | 7.48% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.92 Gb Free Space | 99.21% Space Free | Partition Type: NTFS

Computer Name: MICHELLE618-PC | User Name: michelle618 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/14 20:54:32 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\michelle618\Downloads\OTL (4).exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2010/04/29 11:30:44 | 000,091,456 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/29 16:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2007/05/31 11:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 11:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/04/26 10:38:48 | 000,033,712 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdiserv.exe -- (lxdiCATSCustConnectService)
SRV - [2007/04/26 10:38:38 | 000,517,040 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysWOW64\lxdicoms.exe -- (lxdi_device)


========== Driver Services (SafeList) ==========


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {2381E4B7-5C04-459E-9D46-2F9AC1608B66}
IE - HKU\S-1-5-19\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp
IE - HKU\S-1-5-19\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {2381E4B7-5C04-459E-9D46-2F9AC1608B66}
IE - HKU\S-1-5-20\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp
IE - HKU\S-1-5-20\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}

IE - HKU\S-1-5-21-761255007-4257669193-40547742-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKU\S-1-5-21-761255007-4257669193-40547742-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-761255007-4257669193-40547742-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-761255007-4257669193-40547742-1000\..\SearchScopes,DefaultScope = {5E81B497-B701-4EEC-8660-2BCA707B943D}
IE - HKU\S-1-5-21-761255007-4257669193-40547742-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-761255007-4257669193-40547742-1000\..\SearchScopes\{5E81B497-B701-4EEC-8660-2BCA707B943D}: "URL" = http://www.google.co...1I7GPEA_enUS303
IE - HKU\S-1-5-21-761255007-4257669193-40547742-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-761255007-4257669193-40547742-1000\..\SearchScopes\{9166BC95-9BAC-49D3-9413-7293CB0ECEC7}: "URL" = http://search.about....s={searchTerms}
IE - HKU\S-1-5-21-761255007-4257669193-40547742-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....ms}&fr=chr-tyc8
IE - HKU\S-1-5-21-761255007-4257669193-40547742-1000\..\SearchScopes\{F74F753E-8D4D-4117-9646-F17E5F047CC4}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKU\S-1-5-21-761255007-4257669193-40547742-1000\..\SearchScopes\Comcast: "URL" = http://search.comcas...q={searchTerms}
IE - HKU\S-1-5-21-761255007-4257669193-40547742-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Answers.com"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.1
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..keyword.URL: "http://search.yahoo....ch?fr=ffds1&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files (x86)\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010/03/16 20:12:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/01/06 00:25:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/14 19:00:39 | 000,000,000 | ---D | M]

[2008/08/05 01:10:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\michelle618\AppData\Roaming\Mozilla\Extensions
[2012/05/03 18:17:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\michelle618\AppData\Roaming\Mozilla\Firefox\Profiles\5bsmabgk.default\extensions
[2009/12/17 08:30:40 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\michelle618\AppData\Roaming\Mozilla\Firefox\Profiles\5bsmabgk.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/09/04 22:48:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\michelle618\AppData\Roaming\Mozilla\Firefox\Profiles\5bsmabgk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/21 08:31:02 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\michelle618\AppData\Roaming\Mozilla\Firefox\Profiles\5bsmabgk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/08/31 18:47:40 | 000,000,000 | ---D | M] (Targeted Advertising Cookie Opt-Out (TACO)) -- C:\Users\michelle618\AppData\Roaming\Mozilla\Firefox\Profiles\5bsmabgk.default\extensions\[email protected]
[2012/02/07 22:58:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/03/16 20:12:57 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES (X86)\GOOGLE\GOOGLE GEARS\FIREFOX
[2011/12/09 12:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

O1 HOSTS File: ([2012/05/14 19:01:42 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files (x86)\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-761255007-4257669193-40547742-1000..\Run: [Easy Dock] File not found
O4 - HKU\S-1-5-21-761255007-4257669193-40547742-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-761255007-4257669193-40547742-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-761255007-4257669193-40547742-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-761255007-4257669193-40547742-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-761255007-4257669193-40547742-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-761255007-4257669193-40547742-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-761255007-4257669193-40547742-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-761255007-4257669193-40547742-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Bejeweled%202/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlcm.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Bejeweled%202/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh...aploader_v6.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE99E5B6-49B1-43CE-8EF9-CD0185398B8E}: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GO333C~1\GoogleDesktopNetwork3.dll) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img6.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img6.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084

========== Files/Folders - Created Within 30 Days ==========

[2012/05/14 19:00:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/14 17:17:24 | 000,000,000 | ---D | C] -- C:\Users\michelle618\Desktop\RK_Quarantine
[2012/05/14 08:32:26 | 000,000,000 | ---D | C] -- C:\Users\michelle618\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Virus Remover
[2012/05/14 08:32:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart Virus Remover
[2012/05/14 05:48:11 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/05/14 02:17:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/14 02:17:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/14 01:40:30 | 000,000,000 | ---D | C] -- C:\Users\michelle618\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery
[2012/05/10 03:11:00 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/04/27 03:02:15 | 000,000,000 | ---D | C] -- C:\Windows\TempBA89CA02-D233-2498-1A99-359441EF65C1-Signatures
[2012/04/22 09:19:22 | 000,000,000 | ---D | C] -- C:\Users\michelle618\Desktop\New Folder (2)
[2 C:\Users\michelle618\Desktop\*.tmp files -> C:\Users\michelle618\Desktop\*.tmp -> ]
[1 C:\Users\michelle618\Documents\*.tmp files -> C:\Users\michelle618\Documents\*.tmp -> ]
[1 C:\Users\michelle618\AppData\Local\*.tmp files -> C:\Users\michelle618\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/14 20:36:07 | 000,000,512 | ---- | M] () -- C:\Users\michelle618\Desktop\MBR.dat
[2012/05/14 20:25:23 | 000,001,460 | ---- | M] () -- C:\Users\michelle618\AppData\Local\d3d9caps64.dat
[2012/05/14 20:01:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/14 17:55:00 | 000,004,268 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/05/14 17:54:19 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/05/14 17:48:07 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/14 08:32:26 | 000,001,114 | ---- | M] () -- C:\Users\michelle618\Desktop\Smart Virus Remover.lnk
[2012/05/14 06:33:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/14 02:17:20 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/14 02:12:43 | 000,000,112 | ---- | M] () -- C:\Users\michelle618\Desktop\rk-proxy.reg
[2012/04/27 03:04:51 | 000,002,141 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/04/14 23:02:46 | 000,002,661 | ---- | M] () -- C:\Users\michelle618\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2010.lnk
[2 C:\Users\michelle618\Desktop\*.tmp files -> C:\Users\michelle618\Desktop\*.tmp -> ]
[1 C:\Users\michelle618\Documents\*.tmp files -> C:\Users\michelle618\Documents\*.tmp -> ]
[1 C:\Users\michelle618\AppData\Local\*.tmp files -> C:\Users\michelle618\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/14 20:36:07 | 000,000,512 | ---- | C] () -- C:\Users\michelle618\Desktop\MBR.dat
[2012/05/14 17:18:33 | 000,002,129 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910.lnk
[2012/05/14 17:18:33 | 000,002,117 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/05/14 17:18:33 | 000,001,939 | ---- | C] () -- C:\Users\Public\Desktop\Susteen Launcher.lnk
[2012/05/14 17:18:33 | 000,001,919 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/05/14 17:18:33 | 000,001,904 | ---- | C] () -- C:\Users\Public\Desktop\Play Penguins!.lnk
[2012/05/14 17:18:33 | 000,001,803 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8500 A910.lnk
[2012/05/14 17:18:33 | 000,001,643 | ---- | C] () -- C:\Users\Public\Desktop\Quicken Home & Business 2011.lnk
[2012/05/14 17:18:33 | 000,001,129 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8500 A910 Scan.lnk
[2012/05/14 17:18:33 | 000,001,127 | ---- | C] () -- C:\Users\Public\Desktop\Google Desktop.lnk
[2012/05/14 17:18:33 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Officejet Pro 8500 A910.lnk
[2012/05/14 17:18:33 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\Cooking Academy.lnk
[2012/05/14 17:18:33 | 000,000,972 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012/05/14 17:18:33 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/14 17:18:33 | 000,000,840 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk
[2012/05/14 17:18:33 | 000,000,840 | ---- | C] () -- C:\Users\michelle618\Application Data\Microsoft\Internet Explorer\Quick Launch\Zune.lnk
[2012/05/14 17:18:33 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2012/05/14 17:18:33 | 000,000,357 | ---- | C] () -- C:\Users\Public\Desktop\Free Credit Report and Score.url
[2012/05/14 17:18:33 | 000,000,342 | ---- | C] () -- C:\Users\Public\Desktop\Complete Installation of Lexmark 5600-6600 Series.LNK
[2012/05/14 17:18:32 | 000,002,661 | ---- | C] () -- C:\Users\michelle618\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2010.lnk
[2012/05/14 17:18:32 | 000,002,629 | ---- | C] () -- C:\Users\michelle618\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft PowerPoint 2010.lnk
[2012/05/14 17:18:32 | 000,002,619 | ---- | C] () -- C:\Users\michelle618\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel 2010.lnk
[2012/05/14 17:18:32 | 000,002,617 | ---- | C] () -- C:\Users\michelle618\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Access 2010.lnk
[2012/05/14 17:18:32 | 000,002,593 | ---- | C] () -- C:\Users\michelle618\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft OneNote 2010.lnk
[2012/05/14 17:18:32 | 000,001,804 | ---- | C] () -- C:\Users\michelle618\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/05/14 17:18:32 | 000,000,996 | ---- | C] () -- C:\Users\michelle618\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/05/14 17:18:32 | 000,000,975 | ---- | C] () -- C:\Users\michelle618\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/14 17:18:32 | 000,000,970 | ---- | C] () -- C:\Users\michelle618\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/05/14 17:18:32 | 000,000,844 | ---- | C] () -- C:\Users\michelle618\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2012/05/14 17:18:32 | 000,000,258 | ---- | C] () -- C:\Users\michelle618\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/05/14 17:18:32 | 000,000,240 | ---- | C] () -- C:\Users\michelle618\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/05/14 08:32:26 | 000,001,114 | ---- | C] () -- C:\Users\michelle618\Desktop\Smart Virus Remover.lnk
[2012/05/14 02:12:43 | 000,000,112 | ---- | C] () -- C:\Users\michelle618\Desktop\rk-proxy.reg
[2012/02/07 19:36:29 | 001,036,288 | ---- | C] () -- C:\Windows\SysWow64\lxdudrs.dll
[2012/02/07 19:36:29 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxducaps.dll
[2012/02/07 19:36:29 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxducnv4.dll
[2011/05/31 00:05:01 | 000,000,000 | ---- | C] () -- C:\Users\michelle618\AppData\Local\{529D51F3-E2D5-4A1F-B241-E9B3C8BBA379}
[2011/05/23 13:10:05 | 000,000,000 | ---- | C] () -- C:\Users\michelle618\AppData\Local\{2F510375-0214-4A26-AAB5-2353BF37E387}
[2011/03/29 15:22:01 | 000,722,192 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/11 20:36:33 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/03/09 22:08:37 | 000,683,801 | ---- | C] () -- C:\Windows\unins000.exe
[2011/03/09 22:08:37 | 000,005,480 | ---- | C] () -- C:\Windows\unins000.dat

========== LOP Check ==========

[2008/10/02 18:17:26 | 000,000,000 | ---D | M] -- C:\Users\michelle618\AppData\Roaming\ITTNord
[2009/02/05 21:45:52 | 000,000,000 | ---D | M] -- C:\Users\michelle618\AppData\Roaming\Lexmark Productivity Studio
[2009/01/16 17:11:59 | 000,000,000 | ---D | M] -- C:\Users\michelle618\AppData\Roaming\OpenOffice.org
[2008/08/05 01:33:17 | 000,000,000 | ---D | M] -- C:\Users\michelle618\AppData\Roaming\PeerNetworking
[2009/03/18 01:26:15 | 000,000,000 | ---D | M] -- C:\Users\michelle618\AppData\Roaming\Pogo Games
[2008/11/16 03:27:24 | 000,000,000 | ---D | M] -- C:\Users\michelle618\AppData\Roaming\SecondLife
[2008/12/25 22:47:02 | 000,000,000 | ---D | M] -- C:\Users\michelle618\AppData\Roaming\SpinTop
[2008/08/04 17:55:49 | 000,000,000 | ---D | M] -- C:\Users\michelle618\AppData\Roaming\Template
[2010/01/02 02:06:02 | 000,000,000 | ---D | M] -- C:\Users\michelle618\AppData\Roaming\Tific
[2009/07/08 12:32:27 | 000,000,000 | ---D | M] -- C:\Users\michelle618\AppData\Roaming\uTorrent
[2012/05/14 17:54:59 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/29 01:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 02:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\ERDNT\cache86\explorer.exe
[2009/04/11 02:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 02:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008/10/27 21:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008/10/29 01:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/10/30 00:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 21:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 21:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/01/20 21:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache86\svchost.exe
[2008/01/20 21:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008/01/20 21:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2008/01/20 21:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\ERDNT\cache64\svchost.exe
[2008/01/20 21:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008/01/20 21:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 21:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache86\userinit.exe
[2008/01/20 21:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/20 21:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 21:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\ERDNT\cache64\userinit.exe
[2008/01/20 21:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/20 21:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 02:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009/04/11 02:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009/04/11 02:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 21:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 21:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = NETBT
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys
"Description" = This service implements NetBios over TCP/IP.
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
"DhcpNodeType" = 8
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{A32E2B4E-EB81-4865-BFF1-E440FAF1DDB3}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{A7F45A49-3021-488E-9E2B-C208762D5AFD}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{DE99E5B6-49B1-43CE-8EF9-CD0185398B8E}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 07 01 04 01 02 01 00 01 06 01 09 01 0B 01 08 01 05 01 03 01 01 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 11
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010/01/06 00:25:54 | 000,552,160 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010/01/06 00:25:54 | 000,552,160 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/01/06 00:25:54 | 000,552,160 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2010/01/06 00:25:54 | 000,908,248 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2010/01/06 00:25:54 | 000,908,248 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2010/01/06 00:25:54 | 000,908,248 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2011/05/06 19:08:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2011/05/06 19:08:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2011/05/06 19:08:23 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/05/06 19:08:24 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2011/05/06 19:08:24 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/05/06 19:08:14 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/05/06 19:08:14 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/05/06 19:08:14 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/05/06 19:08:24 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2011/05/06 19:08:24 | 000,748,336 | ---- | M] (Microsoft Corporation)

< C:\Windows\assembly\tmp\U\*.* /s >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< C:\windows\*. /RP /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.0.6002
Copyright © 1999-2007 Microsoft Corporation.
On computer: MICHELLE618-PC
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 F RAW DVD-ROM 2048 B Healthy
Volume 1 D RECOVERY NTFS Partition 10 GB Healthy
Volume 2 C OS NTFS Partition 288 GB Healthy System

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\SysWOW64\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\windows\SysWOW64\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\windows\SysWOW64\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\windows\SysWOW64\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\windows\SysWOW64\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\windows\SysWOW64\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\SysWOW64\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\windows\SysWOW64\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\windows\SysWOW64\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\windows\SysWOW64\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\windows\SysWOW64\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\windows\SysWOW64\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\windows\SysWOW64\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C7F04040
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:57DC3B52

< End of report >
  • 0

#14
TanyaG6

TanyaG6

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Extras.txt

OTL Extras logfile created on: 5/14/2012 8:55:21 PM - Run 2
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\michelle618\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.97 Gb Available Physical Memory | 74.34% Memory free
4.16 Gb Paging File | 3.31 Gb Available in Paging File | 79.45% Paging File free
Paging file location(s): c:\pagefile.sys 300 500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.01 Gb Total Space | 21.53 Gb Free Space | 7.48% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.92 Gb Free Space | 99.21% Space Free | Partition Type: NTFS

Computer Name: MICHELLE618-PC | User Name: michelle618 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-761255007-4257669193-40547742-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{056170F8-77DF-45E7-98E6-C7F8C6275735}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0B09C4CD-5B90-42E0-BB97-8D27B28B8BF8}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{11BED819-B214-46F1-806B-141953356F23}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1B1E87EC-FB0D-4702-8256-BFCF807D80FB}" = lport=138 | protocol=17 | dir=in | app=system |
"{246D7468-3F28-4DC3-8543-1F2D77832FFB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{2DD68B0A-323D-4B20-BAF4-B08FFC39CA48}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3E852B88-6D7C-42E1-9B10-25665B1F8FFC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3F141A2D-5E6C-45A5-8CCE-D6CC8FD68FB1}" = lport=137 | protocol=17 | dir=in | app=system |
"{499D7E5B-80A0-43CD-9F13-D5BD915078EF}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{4A2AAE05-6260-474D-AE22-150E3509191B}" = rport=2869 | protocol=6 | dir=out | app=system |
"{58ACDAA5-73F7-4754-B92E-58F530F02CEC}" = rport=138 | protocol=17 | dir=out | app=system |
"{5CBB11E2-A211-4D4B-86D5-D8256D9352E6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{63AD7DA1-8BF1-4F72-AC3B-E91F7DF8D780}" = lport=445 | protocol=6 | dir=in | app=system |
"{969ABC4E-C720-410B-BB8B-E715A62572A6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9AD13258-911B-409D-81A0-9EDEFC69B02F}" = lport=139 | protocol=6 | dir=in | app=system |
"{A3B548F5-B83D-44AF-9FD1-7C67FAC8358E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AAD4F92C-2616-4413-9DB7-F5F3EFDFF2E6}" = rport=137 | protocol=17 | dir=out | app=system |
"{AD52531B-2904-4A03-98CA-02736B4973FE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B139F1BD-D22B-4BCF-AF77-E2C174CC245B}" = rport=139 | protocol=6 | dir=out | app=system |
"{BCBD3130-21A2-40CA-AB22-7C86B6405363}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CD59E230-7143-4503-88FE-E01677C38AD7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D15B5DA3-3A4D-4D02-B3AB-070A21B559D9}" = rport=445 | protocol=6 | dir=out | app=system |
"{D3163369-5563-4923-A789-0CABB6A56124}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{D4BAB3F4-D94E-4A71-867A-25D0FBD5F9EB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DDF973B7-00E1-4D35-9D24-30D39957A341}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{EA71B870-9D31-4AE7-97CF-356BEAFCFFE1}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{FA580432-E9B6-4EB0-806B-8028D9DF0D16}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FE6B6A1A-1F75-472E-BE37-1D526B74AFC4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{012B0BCC-1720-4E39-AC6C-7E1A28B04A12}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{047CDCDF-7C09-4C18-BEEF-7C6B7A00A5A7}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{060E8D3E-93D7-473D-AE11-E810162F124C}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{061777C8-B0EE-4BBB-AF9D-B0D92290E3ED}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0B9AF5C9-435C-49C8-860B-F3CA3C370070}" = dir=in | app=c:\program files (x86)\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{0CD4E40C-C26B-4629-8241-C2059B1D032A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0DD1AE12-E369-429E-905C-5FFFFE5A5317}" = dir=in | app=c:\program files (x86)\dell\mediadirect\kernel\dms\clmsservice.exe |
"{14318FE2-6D70-45FC-830C-C4BB3EF4C75A}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{1560C3A5-CE7F-4A8F-B762-1B2964A2354D}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxditime.exe |
"{16840DC3-21A3-45FF-88B3-131CC8FF070A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1C21CB8F-649C-444D-8AD4-F8C45FE944CC}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{1DB2207B-B661-4DF3-BD83-C86BBC580205}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{27F02AD7-99B4-49B2-99EF-40C912DB782D}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{3137DECE-0876-4875-8287-FE6A02E0A4A6}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{357A8688-2995-46FF-BDD1-326CE3792112}" = protocol=58 | dir=in | [email protected],-28545 |
"{367632C8-B4C4-426C-BC37-CF5741A43C47}" = dir=in | app=c:\program files (x86)\dell\mediadirect\pcmservice.exe |
"{373E9BEE-9B7D-4BEE-A397-FFDC2F8F54F3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3BE830EE-1CA4-4E12-B7ED-8AE4E4A2E545}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4C42F400-3315-43BB-8DB0-4A702375435C}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdicoms.exe |
"{4FE947DB-CFD2-4E34-9498-2F97963EE66A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{55181CC3-D033-4EDE-BCBB-8E5BFF525BC4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{557EBA09-7F63-45B4-AE06-4137ECDBAF47}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5985D0EF-06FA-4472-9D22-2A67CEF43D28}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5B28712B-9A73-438C-8A19-5D558CEC9230}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{5B6F631A-2DE9-45C9-8F93-2F5F0B513699}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5C0F4429-854C-4A45-BCA9-ECA1F87A4B67}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3500-4500 series\lxdimon.exe |
"{67906598-7D77-46E2-9DD0-09F72AFD9055}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
"{6B620CE4-F1FC-4C65-AB48-850653CB8A34}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxditime.exe |
"{6BD39850-A8FD-4670-99AC-2247833B2277}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{7268E0ED-368E-41D7-B0F4-5E308841E6B8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{74AEE663-6353-484A-A5D2-89D7C937389F}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{775A3754-64EA-46AE-AFA4-8D57F2285D2D}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3500-4500 series\lxdiamon.exe |
"{783228A5-9169-4CFA-90AF-E96084C6782D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{78F2D88B-52E6-4B20-B272-023548E570D0}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3500-4500 series\lxdimon.exe |
"{81B2BD83-7B09-4F03-9AB7-86F9B572B29A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{86637361-ACF8-415A-AD1B-06E0BBDF4219}" = protocol=58 | dir=out | [email protected],-28546 |
"{86B44815-BEB3-4924-B6A7-24FBBF278150}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{877FA3D1-9531-4E98-9E38-E1663D43A428}" = protocol=6 | dir=out | app=system |
"{8787B68F-279C-499C-A4D1-ED345AE35292}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 3500-4500 series\app4r.exe |
"{89444DA5-0E42-4F34-8E0A-B969FB270167}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark fax solutions\faxctr.exe |
"{8B37AD8F-AEEE-4A62-8F2A-F706ABA47D62}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"{8BD84755-0458-4BBE-A777-49FC4899485C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8CFA19B7-0B1D-443E-B668-A07B96920174}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
"{8EE87B9A-E771-4D38-8E34-B3F53047EEC0}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3500-4500 series\app4r.exe |
"{9C8872B7-AA83-4097-917E-AF2836CAD614}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A2E8863E-D1FB-4B13-A26A-8C38DCA125FD}" = protocol=1 | dir=in | [email protected],-28543 |
"{A764A790-97BE-47B7-AA89-C5EB5C6E7A47}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 3500-4500 series\lxdiamon.exe |
"{A7E7107E-4AFA-44E8-80A2-5E26557DD8AC}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A84A1132-3763-4D01-8093-4F695ADA168E}" = dir=in | app=c:\program files (x86)\dell\mediadirect\mediadirect.exe |
"{ACBD3C6D-6944-4D22-BA27-8B047A254FF5}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark fax solutions\faxctr.exe |
"{B6571456-2797-4A5C-A9AB-C5CE003492CE}" = protocol=17 | dir=in | app=c:\windows\system32\lxducoms.exe |
"{BC2CADCD-3D4A-490A-84AB-5196DD977A1E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BDFE5207-2225-46E2-A0CD-04625BBD9156}" = protocol=6 | dir=in | app=c:\windows\system32\lxducoms.exe |
"{BEBD71D7-95CE-4D5A-A748-9C7017235E11}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
"{BF98207C-B0D8-49C3-A796-80876D83844E}" = protocol=6 | dir=in | app=c:\windows\system32\lxdicoms.exe |
"{C07975A0-2E6E-4BCC-9560-5C0803E9924F}" = protocol=1 | dir=out | [email protected],-28544 |
"{C25412BF-4935-4730-A544-BC73D07E6C22}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
"{CA544369-046F-4C97-B3B5-FB6FC1D15DDE}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdipswx.exe |
"{CD5D20C1-314A-46AD-ADC0-92EBE4A87355}" = protocol=58 | dir=in | [email protected],-148 |
"{D4386B4D-3730-4EBE-A377-1E096F247418}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdicoms.exe |
"{DD81F8F8-24BF-4F20-BC1C-A58AD0591842}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{E94E0D8F-A54D-4297-8A8A-A3E5033900A4}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{EAC2DC64-D03E-4892-8070-343889515A0B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EE1C73CA-3E4B-417C-8C29-1C5E78384FA7}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdipswx.exe |
"{F9985965-033B-4735-A34D-00BC1C3CBD69}" = protocol=17 | dir=in | app=c:\windows\system32\lxdicoms.exe |
"{FFFED267-246C-44C5-8344-9DC25BD0FE5D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{BFCD478B-DBD6-48D2-A766-C4AE0FE2A772}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{703B56CE-C440-4DAE-8051-B964C3AEA4B8}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{16FCDD97-AE09-476B-88CD-261D852BD34C}" = Marketsplash Shortcuts
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{2EA45803-BEB7-46C4-9ADC-46A5F9E7BB77}" = GEAR driver installer for x86 and x64
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{54AE3C08-D7D8-45FF-9348-0B4BE0D5A6CB}" = Comcast Universal Installer v1.2
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
"{61933675-EFC7-4190-90B6-5AD56E1D9294}" = Marketsplash Print Software
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{750B354A-BF46-45E0-86D6-620026703B92}" = Nancy Drew: The Haunted Carousel
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Help
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{99ED894F-60CF-4D71-A645-442CD041D595}" = Susteen Launcher
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB6E9CF7-7A9B-4973-9A1D-96FB27F4B6AC}" = DataPilot
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DDC5B3E0-C656-4070-9CF0-E592EC60AD42}" = MotoConnect
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Audacity_is1" = Audacity 1.2.6
"Bejeweled 2" = Bejeweled 2
"Bejeweled 2 Deluxe 1.1" = Bejeweled 2 Deluxe 1.1
"Bookworm Deluxe 1.13" = Bookworm Deluxe 1.13
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Cooking Academy" = Cooking Academy
"Dell Video Chat" = Dell Video Chat (remove only)
"Dell Webcam Central" = Dell Webcam Central
"Discovery" = Discovery
"Fashion Apprentice" = Fashion Apprentice
"GameHouse" = GameHouse
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"InstallShield_{99ED894F-60CF-4D71-A645-442CD041D595}" = Susteen Launcher
"InstallShield_{AB6E9CF7-7A9B-4973-9A1D-96FB27F4B6AC}" = DataPilot
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MyITLab ActiveX Installer_is1" = MyITLab ActiveX Installer 2, 9, 8, 65535
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Peggle Deluxe 1.0" = Peggle Deluxe 1.0
"Picasa2" = Picasa 2
"RCA Detective™_is1" = RCA Detective™ 3.0.0.101
"RCA easyRip_is1" = RCA easyRip 2.5.2.0
"RCA Updater_is1" = RCA Updater 1.0.4.0
"Wheel Of Fortune 2" = Wheel Of Fortune 2 (remove only)
"Winamp" = Winamp
"WT016060" = Penguins!
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Mail Advisor" = Yahoo! Mail Advisor
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-761255007-4257669193-40547742-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/14/2008 2:22:58 AM | Computer Name = michelle618-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 7/14/2008 2:22:58 AM | Computer Name = michelle618-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 7/14/2008 2:48:30 AM | Computer Name = michelle618-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/14/2008 2:48:41 AM | Computer Name = michelle618-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 7/14/2008 2:55:43 AM | Computer Name = michelle618-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 3/29/2011 4:25:15 PM | Computer Name = michelle618-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/29/2011 4:28:15 PM | Computer Name = michelle618-PC | Source = EventSystem | ID = 4621
Description =

Error - 3/29/2011 4:29:54 PM | Computer Name = michelle618-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/29/2011 4:53:44 PM | Computer Name = michelle618-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/30/2011 12:01:03 PM | Computer Name = michelle618-PC | Source = WinMgmt | ID = 10
Description =

[ Broadcom Wireless LAN Events ]
Error - 2/14/2012 6:19:13 AM | Computer Name = michelle618-PC | Source = WLAN-Tray | ID = 0
Description = 04:19:12, Tue, Feb 14, 12 Error - Unable to gain access to user store


Error - 2/18/2012 6:26:57 PM | Computer Name = michelle618-PC | Source = WLAN-Tray | ID = 0
Description = 16:26:57, Sat, Feb 18, 12 Error - Unable to gain access to user store


Error - 2/18/2012 6:31:03 PM | Computer Name = michelle618-PC | Source = WLAN-Tray | ID = 0
Description = 16:31:03, Sat, Feb 18, 12 Error - Unable to gain access to user store


Error - 2/18/2012 8:18:25 PM | Computer Name = michelle618-PC | Source = WLAN-Tray | ID = 0
Description = 18:18:24, Sat, Feb 18, 12 Error - Unable to gain access to user store


Error - 2/21/2012 8:07:33 PM | Computer Name = michelle618-PC | Source = WLAN-Tray | ID = 0
Description = 18:07:32, Tue, Feb 21, 12 Error - Unable to gain access to user store


Error - 4/12/2012 11:06:52 PM | Computer Name = michelle618-PC | Source = WLAN-Tray | ID = 0
Description = 22:06:51, Thu, Apr 12, 12 Error - Unable to gain access to user store


Error - 5/14/2012 6:33:13 AM | Computer Name = michelle618-PC | Source = WLAN-Tray | ID = 0
Description = 05:33:12, Mon, May 14, 12 Error - Unable to gain access to user store


[ Media Center Events ]
Error - 10/4/2008 5:35:27 PM | Computer Name = michelle618-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 10/12/2008 12:35:39 PM | Computer Name = michelle618-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 11/9/2008 1:39:55 PM | Computer Name = michelle618-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 2/20/2009 6:42:17 PM | Computer Name = michelle618-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 4/30/2009 12:07:03 AM | Computer Name = michelle618-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/10/2009 1:28:39 PM | Computer Name = michelle618-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 1/26/2009 6:18:40 AM | Computer Name = michelle618-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 1/26/2009 8:36:09 AM | Computer Name = michelle618-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 1/26/2009 9:51:08 AM | Computer Name = michelle618-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 1/26/2009 3:50:32 PM | Computer Name = michelle618-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 1/26/2009 5:46:37 PM | Computer Name = michelle618-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 1/26/2009 8:56:01 PM | Computer Name = michelle618-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 1/27/2009 10:09:48 AM | Computer Name = michelle618-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 1/27/2009 6:53:15 PM | Computer Name = michelle618-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 1/27/2009 11:55:58 PM | Computer Name = michelle618-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 1/28/2009 12:59:58 AM | Computer Name = michelle618-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.


< End of report >
  • 0

#15
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Good job running all of those! :thumbsup:


Now for the BiGGGGGGGGG question:

Please update me on the issues with your computer that remain
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP