Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

babylon, searchnu, death [Solved]

Started by svillan7 , Jul 02 2012 01:50 AM

  • This topic is locked This topic is locked

#1
svillan7
Posted 02 July 2012 - 01:50 AM

svillan7

    New Member

  • Member
  • Pip
  • 3 posts
Not sure what is related or not. Not a computer talent. Beginning of month found my teenager downloading stupid stuff. I immediately deleted all that I could. Closed down, computer would not let me log in. Took it to computer store. Said they removed a lot of virus, malware from registry. They fixed it so that I could log in. I have their log if you need it.

I can log in but have Searchnu and Babylon always come up first on Chrome. Tried to remove program. Always comes back. Tried to do regedit and remove there, still came back. Tried to do the about: thing and it would not let me get to the second step.

Windows Security says that it cannot turn on my automatic updates. Symantec does not run a regular scan anymore and I cannot figure out why. Every time I use Chrome, my Adobe Flash says that I need to kill the pages and I have to stop Chrome and start over. Today, a random sign popped up, supposedly from Microsoft Security that says that I must immediately close down the computer because it is infested. I ran Malwarebites and Microsoft which says that it is clean. I ran OTL and have included that logs from Malwarebytes and OTL.

I closed down everything. Updated Windows which had not been receiving any updates, this seemed to help. It allowed me to update Symantec which allowed me to turn on automatic updates on Microsoft. Had 1 full day of no searchnu or babylon. Then about 4 hours ago, it started all over again and the OTL icon had disappeared, I had to redo that.

Here are the logs from OTL.

OTL logfile created on: 7/2/2012 1:25:16 AM - Run 2
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\stacey\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1012.89 Mb Total Physical Memory | 82.77 Mb Available Physical Memory | 8.17% Memory free
2.89 Gb Paging File | 2.14 Gb Available in Paging File | 74.09% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 100.94 Gb Free Space | 43.36% Space Free | Partition Type: NTFS

Computer Name: WXP-WS01 | User Name: stacey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/02 01:24:59 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\stacey\My Documents\Downloads\OTL.exe
PRC - [2012/06/28 05:28:57 | 001,250,328 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/05/22 05:04:16 | 000,964,032 | ---- | M] (Support.com, Inc.) -- C:\Program Files\Office Depot PC Support Agent\esService.exe
PRC - [2012/05/22 05:04:16 | 000,587,712 | ---- | M] (Support.com, Inc.) -- C:\Program Files\Office Depot PC Support Agent\escont.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/02/04 08:52:02 | 001,155,432 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2012/02/04 07:40:44 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/12/21 14:50:46 | 000,315,392 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciServiceHost.exe
PRC - [2009/11/11 16:17:02 | 000,771,360 | ---- | M] (Apple Inc.) -- C:\Program Files\AirPort\APAgent.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/27 21:33:44 | 000,125,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/09/27 21:33:38 | 000,116,464 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2006/09/27 21:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/09/27 21:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/07/19 20:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/07/19 20:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/07/19 20:26:04 | 000,052,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/06/30 17:06:46 | 000,016,447 | ---- | M] (NetSupport Ltd) -- C:\Program Files\NetSupport Manager\client32.exe
PRC - [2006/04/11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2000/08/08 13:33:12 | 000,036,864 | ---- | M] (Intuit) -- C:\QUICKENW\QWDLLS.EXE


========== Modules (No Company Name) ==========

MOD - [2012/06/30 16:10:57 | 004,051,456 | ---- | M] () -- C:\Documents and Settings\stacey\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.0.3\libGLESv2.dll
MOD - [2012/06/30 16:10:57 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\stacey\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.0.3\libEGL.dll
MOD - [2012/06/30 01:36:18 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/06/30 01:33:36 | 003,186,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/06/30 01:33:34 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/06/30 01:33:34 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2012/06/30 01:33:29 | 000,630,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012/06/30 01:33:29 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/06/30 01:33:27 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2012/06/30 01:33:26 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/06/30 01:33:25 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2012/06/30 01:33:23 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2012/06/30 01:33:16 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/06/30 01:20:12 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/06/30 01:19:44 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/06/28 03:27:26 | 009,252,040 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
MOD - [2012/05/24 13:10:58 | 003,417,376 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_80c2ffa.dll
MOD - [2012/05/22 05:04:08 | 000,043,008 | ---- | M] () -- C:\Program Files\Office Depot PC Support Agent\ESResources.dll
MOD - [2012/02/04 08:50:48 | 000,268,648 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2010\boost_regex-vc90-mt-p-1_33.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/06 18:55:29 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2011/02/06 18:55:28 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2011/02/06 18:55:28 | 000,409,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2011/02/06 18:55:27 | 000,421,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2011/02/06 18:55:27 | 000,269,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2011/02/06 18:55:27 | 000,046,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2011/02/06 18:55:27 | 000,023,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2011/02/06 18:55:27 | 000,018,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2011/02/06 18:55:27 | 000,012,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2011/02/06 18:55:26 | 000,121,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2011/02/06 18:55:26 | 000,120,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2011/02/06 18:55:26 | 000,070,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2011/02/06 18:41:06 | 000,755,712 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll
MOD - [2011/02/06 18:41:05 | 001,058,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2011/02/06 18:41:05 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2011/02/06 18:41:05 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2011/02/06 18:41:04 | 000,458,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Portability.dll
MOD - [2011/02/06 18:41:04 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll
MOD - [2011/02/06 18:41:04 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll
MOD - [2011/02/06 18:41:03 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll
MOD - [2011/02/06 18:41:02 | 000,047,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2011/02/06 18:41:01 | 000,402,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2011/02/06 18:41:01 | 000,238,368 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.4__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2011/02/06 18:41:01 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2011/02/06 18:40:59 | 000,120,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2011/02/06 18:40:58 | 000,130,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2011/02/06 18:40:58 | 000,072,992 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2006/06/30 17:06:46 | 000,020,543 | ---- | M] () -- C:\Program Files\NetSupport Manager\PCIHOOKS.DLL
MOD - [2006/06/30 17:06:34 | 000,196,667 | ---- | M] () -- C:\Program Files\NetSupport Manager\TCCTL32.DLL
MOD - [2006/06/30 17:06:30 | 000,098,363 | ---- | M] () -- C:\Program Files\NetSupport Manager\pcicapi.DLL
MOD - [2006/06/30 17:06:30 | 000,028,728 | ---- | M] () -- C:\Program Files\NetSupport Manager\PCICHEK.DLL
MOD - [2002/05/03 16:40:32 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL
MOD - [2000/08/08 13:33:06 | 000,102,400 | ---- | M] () -- C:\QUICKENW\qcomutil.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/06/25 01:42:01 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/24 13:10:58 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
SRV - [2012/05/22 05:04:16 | 000,964,032 | ---- | M] (Support.com, Inc.) [Auto | Running] -- C:\Program Files\Office Depot PC Support Agent\esService.exe -- (Office Depot PC Support Agent)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/02/06 16:25:08 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/02/04 07:40:44 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/21 14:50:46 | 000,315,392 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\McciServiceHost.exe -- (McciServiceHost)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/09/27 21:33:38 | 000,116,464 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/09/27 21:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/09/27 21:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/09/02 17:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/08/07 17:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006/07/19 20:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/07/19 20:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/06/30 17:06:46 | 000,016,447 | ---- | M] (NetSupport Ltd) [Auto | Running] -- C:\Program Files\NetSupport Manager\client32.exe -- (Client32)
SRV - [2006/04/11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011/07/30 03:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/30 03:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/19 14:23:40 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110730.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/07/19 14:23:40 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110730.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/03/15 00:11:10 | 000,010,112 | ---- | M] (support.com, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssmirrdr.sys -- (ssmirrdr)
DRV - [2009/10/30 12:40:58 | 000,398,912 | R--- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nc06_usb.sys -- (NUMARK_NC06)
DRV - [2009/10/30 12:40:56 | 000,039,488 | R--- | M] (Numark) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nc06_wdm.sys -- (NUMARK_NC06_WDM)
DRV - [2009/10/30 12:40:56 | 000,026,688 | R--- | M] (Numark) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nc06midi.sys -- (NUMARK_NC06_MIDI)
DRV - [2009/09/15 13:13:34 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/09/15 13:13:34 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/07/15 23:03:18 | 000,176,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k57xp32.sys -- (k57w2k) Broadcom NetLink ™
DRV - [2008/04/13 22:05:30 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2008/03/28 06:14:02 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2008/01/15 15:53:22 | 000,071,488 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2008/01/15 15:53:22 | 000,053,184 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2006/09/18 18:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/09/06 15:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 15:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/08/07 17:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2006/08/07 17:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2006/06/30 17:06:28 | 000,032,823 | ---- | M] (NetSupport Ltd) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pcisys.sys -- (PCISys)
DRV - [2006/06/30 17:06:28 | 000,024,633 | ---- | M] (NetSupport Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gdihook5.sys -- (gdihook5)
DRV - [2006/04/11 18:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USREL/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{38E55DB8-2EBB-46DC-98CA-171B60F1B2F0}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/sphome.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{38E55DB8-2EBB-46DC-98CA-171B60F1B2F0}: "URL" = http://www.google.co...1I7ADRA_enUS452
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2438727
IE - HKCU\..\SearchScopes\{D2AEBD9E-DF40-4353-A1E3-A33F501D4D6C}: "URL" = http://search.yahoo....0624,6901,0,8,0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\WINDOWS\Downloaded Program Files\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3


========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-re...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\stacey\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\stacey\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\WINDOWS\Downloaded Program Files\npsoe.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\stacey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\stacey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\stacey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2008/04/14 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Shop to Win) - {472F6BB8-3D5A-BC24-4155-3192C7AC8CF6} - C:\Program Files\Shop to Win 37\Shop to Win 37.dll File not found
O2 - BHO: (VideoFileDownload) - {9194649F-7143-4308-90C1-D6A35B0E354E} - C:\Program Files\OApps\bho_project.dll (VideoFileDownload)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2012/06/17 12:05:21 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE (Intuit)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.co...ebInstaller.cab (SOE Web Installer)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.h...ads/sysinfo.cab (SysData Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1341028661156 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1265648315687 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} http://myitlab.pears...ces/ax/stub.cab (Enlite 2.x Simulation Engine Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{948BA608-EFDF-4587-B020-D394CBC53BE7}: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B51EFC2C-7151-457E-AE87-97432BF2D176}: NameServer = 172.26.25.2
O18 - Protocol\Handler\g7ps {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll (G7 Productivity Systems, Inc.)
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/20 07:39:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{43ba27a6-43fa-11df-8fde-0018f80f1552}\Shell - "" = AutoRun
O33 - MountPoints2\{43ba27a6-43fa-11df-8fde-0018f80f1552}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{43ba27a6-43fa-11df-8fde-0018f80f1552}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{5bcb349f-390c-11df-8fdc-0018f80f1552}\Shell - "" = AutoRun
O33 - MountPoints2\{5bcb349f-390c-11df-8fdc-0018f80f1552}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5bcb349f-390c-11df-8fdc-0018f80f1552}\Shell\AutoRun\command - "" = E:\iStudio.exe
O33 - MountPoints2\{c99aa392-5593-11df-8fe3-0018f80f1552}\Shell - "" = AutoRun
O33 - MountPoints2\{c99aa392-5593-11df-8fe3-0018f80f1552}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c99aa392-5593-11df-8fe3-0018f80f1552}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
O37 - HKLM\...exe [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/30 00:31:18 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2012/06/30 00:29:08 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012/06/29 23:45:41 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2012/06/29 23:13:27 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2012/06/29 22:58:58 | 000,015,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2012/06/29 14:46:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
[2012/06/25 01:41:55 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/06/22 14:46:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
[2012/06/22 14:46:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple
[2012/06/20 16:01:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stacey\My Documents\Office Depot PC Support Agent
[2012/06/20 16:01:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stacey\Application Data\QuickScan
[2012/06/18 17:56:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stacey\Local Settings\Application Data\PCHealth
[2012/06/18 11:36:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/06/17 12:51:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stacey\My Documents\STK
[2012/06/17 12:50:03 | 000,000,000 | ---D | C] -- C:\McAfeePromo
[2012/06/17 12:20:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stacey\Application Data\OpswatLogs
[2012/06/17 12:03:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
[2012/06/17 11:59:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/17 11:49:49 | 000,000,000 | ---D | C] -- C:\Program Files\Office Depot PC Support Agent
[2012/06/17 11:27:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\support.com
[2012/06/17 11:27:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\supportsoft
[2012/06/17 11:16:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stacey\Application Data\supportdotcom
[2012/06/17 11:16:26 | 000,000,000 | ---D | C] -- C:\Program Files\supportdotcom
[2012/06/17 11:16:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\supportdotcom
[2012/06/12 16:00:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stacey\Application Data\BACS.exe
[2012/06/11 16:22:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stacey\Local Settings\Application Data\MPlayer
[2012/06/11 16:20:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stacey\My Documents\ShopToWin
[2012/06/11 16:20:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stacey\Application Data\FCTB000100685
[2012/06/11 16:07:09 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\AI_RecycleBin
[2012/06/11 16:07:06 | 000,000,000 | ---D | C] -- C:\Program Files\W3i
[2012/06/11 16:07:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\W3i
[2012/06/11 16:07:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\InstallIQ Updater
[2012/06/11 16:06:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2012/06/11 16:05:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2012/06/11 15:22:55 | 000,000,000 | ---D | C] -- C:\Program Files\OApps
[2012/06/11 15:07:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stacey\Application Data\Babylon
[2012/06/11 15:07:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/06/11 15:04:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stacey\Local Settings\Application Data\CRE
[2012/06/11 14:40:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stacey\AppData
[2012/06/11 14:40:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stacey\Local Settings\Application Data\Ilivid Player
[2012/06/11 14:40:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stacey\Application Data\searchquband
[2012/06/11 14:39:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2012/06/11 14:09:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stacey\My Documents\Graboid
[2012/06/11 14:06:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
[2012/06/11 14:06:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stacey\Local Settings\Application Data\Geckofx
[2012/06/11 14:06:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stacey\Application Data\Mozilla
[2012/06/11 14:04:13 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/06/11 14:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\Graboid
[2012/06/11 01:06:42 | 000,000,000 | ---D | C] -- C:\Program Files\AirPort
[2012/06/10 22:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/06/10 22:50:16 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/02 00:56:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/02 00:51:27 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/07/02 00:46:12 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/02 00:44:19 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/02 00:41:24 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/02 00:41:18 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2012/07/02 00:41:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/02 00:40:51 | 000,000,008 | ---- | M] () -- C:\WINDOWS\System32\pcisys.ntk
[2012/07/02 00:00:01 | 000,000,680 | ---- | M] () -- C:\WINDOWS\tasks\HP-CollectPrintData.job
[2012/07/01 02:01:02 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-WXP-WS01-stacey.job
[2012/06/30 13:51:53 | 000,001,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/06/30 03:07:55 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/06/30 01:47:21 | 003,581,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/30 01:35:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/30 01:33:53 | 000,506,952 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/30 01:33:53 | 000,088,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/29 14:46:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/06/27 16:01:21 | 000,000,089 | ---- | M] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2012/06/25 01:41:55 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/06/25 01:41:54 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/06/24 17:11:33 | 000,002,387 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2011.lnk
[2012/06/18 18:00:37 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\stacey\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.LNK
[2012/06/18 11:37:05 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012/06/18 09:20:39 | 000,182,646 | ---- | M] () -- C:\Documents and Settings\stacey\My Documents\Office Depot Work Order 0222310664450 Ticket 17175819 Receipt.mht
[2012/06/17 12:51:59 | 000,001,841 | ---- | M] () -- C:\Documents and Settings\stacey\Desktop\Office Depot Solutions Toolkit Report Sunday, June 17, 2012 12_51_58 PM.lnk
[2012/06/17 12:50:04 | 000,001,062 | ---- | M] () -- C:\Documents and Settings\stacey\Desktop\Click for 90 day free Data Backup.lnk
[2012/06/17 11:59:01 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/17 11:49:58 | 000,001,905 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Office Depot PC Support Agent.lnk
[2012/06/17 11:14:11 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/11 17:40:19 | 000,000,910 | ---- | M] () -- C:\Documents and Settings\stacey\My Documents\lnk_fix_w7.zip
[2012/06/11 15:22:46 | 000,031,470 | ---- | M] () -- C:\Documents and Settings\stacey\Local Settings\Application Data\funmoods.crx
[2012/06/11 15:16:19 | 000,005,120 | ---- | M] () -- C:\Documents and Settings\stacey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/11 15:08:15 | 000,001,530 | ---- | M] () -- C:\user.js
[2012/06/10 22:52:01 | 000,001,544 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/06/10 22:37:31 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\stacey\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/06/10 22:37:30 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2012/06/04 17:35:32 | 000,210,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2012/06/02 15:19:44 | 000,022,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2012/06/02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2012/06/02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
[2012/06/02 15:19:38 | 000,219,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2012/06/02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdm.dll
[2012/06/02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cdm.dll
[2012/06/02 15:19:34 | 000,053,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2012/06/02 15:19:34 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2012/06/02 15:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2012/06/02 15:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2012/06/02 15:19:34 | 000,015,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2012/06/02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2012/06/02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2012/06/02 15:19:18 | 001,933,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2012/06/02 15:18:58 | 000,275,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2012/06/02 15:18:58 | 000,017,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/30 03:17:48 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/06/30 03:07:50 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/06/29 23:13:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/06/29 23:13:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/06/25 01:42:07 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/17 13:01:05 | 000,182,646 | ---- | C] () -- C:\Documents and Settings\stacey\My Documents\Office Depot Work Order 0222310664450 Ticket 17175819 Receipt.mht
[2012/06/17 12:51:59 | 000,001,841 | ---- | C] () -- C:\Documents and Settings\stacey\Desktop\Office Depot Solutions Toolkit Report Sunday, June 17, 2012 12_51_58 PM.lnk
[2012/06/17 12:50:03 | 000,001,062 | ---- | C] () -- C:\Documents and Settings\stacey\Desktop\Click for 90 day free Data Backup.lnk
[2012/06/17 11:59:01 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/17 11:49:58 | 000,001,911 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Office Depot PC Support Agent.lnk
[2012/06/17 11:49:58 | 000,001,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Office Depot PC Support Agent.lnk
[2012/06/11 19:53:19 | 000,002,276 | ---- | C] () -- C:\Documents and Settings\stacey\Desktop\lnk_fix_w7.reg
[2012/06/11 17:40:18 | 000,000,910 | ---- | C] () -- C:\Documents and Settings\stacey\My Documents\lnk_fix_w7.zip
[2012/06/11 15:22:48 | 000,031,470 | ---- | C] () -- C:\Documents and Settings\stacey\Local Settings\Application Data\funmoods.crx
[2012/06/11 15:07:43 | 000,001,530 | ---- | C] () -- C:\user.js
[2012/06/11 01:06:45 | 000,002,141 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\AirPort Utility.lnk
[2012/06/10 22:52:01 | 000,001,544 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/04/25 23:46:02 | 000,000,185 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2012/04/25 23:45:59 | 000,007,102 | ---- | C] () -- C:\WINDOWS\ICOADB32.DAT
[2012/04/25 23:45:32 | 000,000,710 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2012/03/31 20:15:34 | 001,581,564 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3516811114-1319865687-740991956-1008-0.dat
[2012/03/31 20:15:24 | 000,373,118 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/03/29 21:30:18 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2011/07/31 02:31:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2011/07/26 01:00:36 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\stacey\.recently-used.xbel
[2011/05/17 01:45:33 | 000,013,386 | -HS- | C] () -- C:\Documents and Settings\stacey\Local Settings\Application Data\e14d740ogtqp53m3h02k070s66p503jed8e
[2011/05/17 01:45:33 | 000,013,386 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\e14d740ogtqp53m3h02k070s66p503jed8e
[2011/04/16 12:26:10 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\stacey\jagex_runescape_preferences2.dat
[2011/04/16 12:23:14 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\stacey\jagex_runescape_preferences.dat
[2011/02/22 21:23:11 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\stacey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/09 23:19:20 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2010/11/22 17:47:39 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/19 00:17:27 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\stacey\Application Data\mcs.rma
[2010/09/19 00:17:27 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\stacey\Application Data\2D4843
[2010/08/22 02:12:35 | 000,059,480 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/19 13:03:14 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

========== LOP Check ==========

[2010/12/15 21:37:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2D119
[2012/06/11 15:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2012/06/11 20:01:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2010/03/23 22:12:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2011/05/17 14:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dbg
[2010/03/24 01:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\G7PS
[2012/06/11 14:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
[2012/02/23 21:41:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\myitlab2010
[2010/03/23 22:13:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2011/03/13 00:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/03/24 01:17:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2012/06/11 16:07:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\W3i
[2011/03/11 14:50:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder
[2010/08/21 23:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/06/11 15:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stacey\Application Data\Babylon
[2012/06/12 16:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stacey\Application Data\BACS.exe
[2011/01/11 17:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stacey\Application Data\BodyMedia
[2012/06/11 16:20:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stacey\Application Data\FCTB000100685
[2011/03/06 20:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stacey\Application Data\FreeBurner
[2010/04/13 17:23:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stacey\Application Data\G7PS
[2011/03/06 23:18:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stacey\Application Data\gtk-2.0
[2011/02/09 23:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stacey\Application Data\Hardcore
[2011/06/09 14:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stacey\Application Data\HotSync
[2011/02/09 23:12:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stacey\Application Data\Juce VST Host
[2012/06/20 16:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stacey\Application Data\OpswatLogs
[2012/06/20 16:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stacey\Application Data\QuickScan
[2012/06/11 14:40:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stacey\Application Data\searchquband
[2012/06/11 16:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stacey\Application Data\Sony Online Entertainment
[2011/03/13 00:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stacey\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/06/17 11:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stacey\Application Data\supportdotcom
[2011/01/08 13:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stacey\Application Data\Unity
[2010/08/01 00:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stacey\Application Data\Windows Desktop Search
[2010/09/18 22:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stacey\Application Data\Windows Search
[2012/07/02 00:41:18 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



< End of report >

Also included this report, cannot figure out how I got it, could not do it again. So this report is not from the same day.
OTL Extras logfile created on: 6/26/2012 8:29:52 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Documents and Settings\stacey\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1012.89 Mb Total Physical Memory | 500.28 Mb Available Physical Memory | 49.39% Memory free
2.89 Gb Paging File | 2.20 Gb Available in Paging File | 76.01% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 105.32 Gb Free Space | 45.24% Space Free | Partition Type: NTFS

Computer Name: WXP-WS01 | User Name: stacey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.chm [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.cmd [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.com [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.cpl [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.exe [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.hlp [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.hta [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.inf [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.ini [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.jse [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.pif [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.scr [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.vbe [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.wsf [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.wsh [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
"Enabled" = 1
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\Microsoft ActiveSync\CeAppMgr.exe:LocalSubnet:Enabled:ActiveSync Application Manager" = %ProgramFiles%\Microsoft ActiveSync\CeAppMgr.exe:LocalSubnet:Enabled:ActiveSync Application Manager
"%ProgramFiles%\Microsoft ActiveSync\WCESMgr.exe:LocalSubnet:Enabled:ActiveSync Application" = %ProgramFiles%\Microsoft ActiveSync\WCESMgr.exe:LocalSubnet:Enabled:ActiveSync Application
"%ProgramFiles%\Microsoft ActiveSync\WCESComm.exe:LocalSubnet:Enabled:ActiveSync Connection Manager" = %ProgramFiles%\Microsoft ActiveSync\WCESComm.exe:LocalSubnet:Enabled:ActiveSync Connection Manager

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"Enabled" = 1
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"135:TCP:*:Enabled:Offer Remote Assistance - Port" = 135:TCP:*:Enabled:Offer Remote Assistance - Port

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = LocalSubnet

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = *

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\NetSupport Manager\client32.exe" = C:\Program Files\NetSupport Manager\client32.exe:*:Enabled:NetSupport Client -- (NetSupport Ltd)
"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\{624E7452-BA43-4f55-B9D5-FC75EEA0808B}\setup\hpznui01.exe" = C:\Program Files\HP\Digital Imaging\{624E7452-BA43-4f55-B9D5-FC75EEA0808B}\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe
"C:\Documents and Settings\stacey\My Documents\My Music\iTunes\iTunes Music\Music\BearShare Applications\BearShare\BearShare.exe" = C:\Documents and Settings\stacey\My Documents\My Music\iTunes\iTunes Music\Music\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe:*:Enabled:QuickBooks 2010 Data Manager -- (Intuit, Inc.)
"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\HP\Digital Imaging\{624E7452-BA43-4f55-B9D5-FC75EEA0808B}\setup\hpznui01.exe" = C:\Program Files\HP\Digital Imaging\{624E7452-BA43-4f55-B9D5-FC75EEA0808B}\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe
"C:\Program Files\Chapura\Chapura SyncManager\SyncMgr.exe" = C:\Program Files\Chapura\Chapura SyncManager\SyncMgr.exe:*:Enabled:Chapura SyncManager
"C:\Program Files\Palm\Hotsync.exe" = C:\Program Files\Palm\Hotsync.exe:*:Enabled:HotSync® Manager Application
"C:\Program Files\Common Files\Motive\McciServiceHost.exe" = C:\Program Files\Common Files\Motive\McciServiceHost.exe:*:Enabled:McciServiceHost -- (Alcatel-Lucent)
"C:\Documents and Settings\stacey\My Documents\My Music\iTunes\iTunes Music\Automatically Add to iTunes\BitLord\BitLord.exe" = C:\Documents and Settings\stacey\My Documents\My Music\iTunes\iTunes Music\Automatically Add to iTunes\BitLord\BitLord.exe:*:Disabled:BitLord
"C:\Documents and Settings\stacey\My Documents\My Music\iTunes\iTunes Music\Music\BearShare Applications\BearShare\BearShare.exe" = C:\Documents and Settings\stacey\My Documents\My Music\iTunes\iTunes Music\Music\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\NetSupport Manager\client32.exe" = C:\Program Files\NetSupport Manager\client32.exe:*:Enabled:NetSupport Client -- (NetSupport Ltd)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{0700E22B-A422-40A5-BD20-04BF618CA0F9}" = QuickBooks Pro 2010
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{102CBC47-7FDE-4E6C-8A3A-67B79833FAC8}" = BPDSoftware_Ini
"{11B2F891-91C8-47ce-945A-A91003EA27FB}" = BPDSoftware
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18AB082B-6584-4F74-8ABC-D5935CF46E4C}" = 8500A909_eDocs
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 24
"{277D7D24-A57F-4762-AB86-A646656A25FA}" = BodyMedia SYNC
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{33CFCF98-F8D6-4549-B469-6F4295676D83}" = Symantec AntiVirus
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40184457-4514-4B18-84A8-6BB8A3AB6A81}" = AirPort
"{432A850B-3558-4BFF-B1F9-30626835B523}" = BPD_DSWizards
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{5866F83F-5347-4324-A15E-070502A65866}" = TurboTax 2010 WinBizReleaseEngine
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{624E7452-BA43-4f55-B9D5-FC75EEA0808B}" = Officejet Pro 8500 A909 Series
"{6334BBB0-8A2E-4679-B845-9CE27E72DBDA}" = TurboTax 2010 WinBizTaxSupport
"{6346B2AE-0DBB-45A3-9ECA-D23CAC27AB7E}" = TurboTax 2011 wiliper
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{70632C41-BDAC-4128-9FBF-287F9FF53DE5}" = TurboTax 2010 wiliper
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73D793AB-43E8-4683-A28C-43CBD22331B3}" = TurboTax 2010 wilpbpm
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BB045C3-D5E4-4620-B536-DC11AACD5942}" = Broadcom Management Programs
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-004E-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector 32-bit
"{95140000-007C-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Facebook 32-bit
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9D59AC32-B0FA-4CD7-A2EC-4B57C06CD9D9}" = Dell Backup and Recovery Manager
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{9FA23C53-D512-488C-BD99-4124F6DD2087}" = VersaCheck 2005 Gold
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A421348C-43DF-46F8-8024-7ABC9F92A682}" = HP Printer Quality Research Study
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AE29CC62-C835-40FD-99C6-292F90D58DF8}" = TurboTax 2010 widiper
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B495547C-01F8-4836-A2E6-749B5F3EA691}" = 8500A909_Help
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
"{C3ADD937-FD5F-4CC6-AE15-AEDEE2A20165}" = TurboTax 2010 wrapper
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD8C5C7F-7C58-4F85-8977-A6C08C087912}" = MPM
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D5DEF057-D3BC-499f-99EE-884ED429B6D1}" = 8500A909g
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA8BF070-1358-4a30-A68F-21E0E9421AEF}" = ProductContext
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E6C0F926-446B-4450-8D15-4405A9431EB7}" = TurboTax 2010 WinBizFedFormset
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED5B9B0F-BB12-4919-B58D-9F7A57A1D296}" = TaxWise 2010
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Akamai" = Akamai NetSession Interface Service
"ASIO4ALL" = ASIO4ALL
"ATT-SST-UversePortal" = AT&T Portal
"BitLord" = BitLord 1.1
"BMR-screensaver Screensaver" = BMR-screensaver Screensaver
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"HPOCR" = OCR Software by I.R.I.S. 12.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{277D7D24-A57F-4762-AB86-A646656A25FA}" = BodyMedia SYNC
"Intelli-studio" = SAMSUNG Intelli-studio
"Learning by Doing 1.0" = Learning by Doing 1.0
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NetSupport Manager" = NetSupport Manager
"Office Depot PC Support Agent" = Office Depot PC Support Agent
"PROPLUS" = Microsoft Office Professional Plus 2007
"Quicken 2001 Basic" = Quicken 2001 Basic
"Rhapsody" = Rhapsody
"Shop for HP Supplies" = Shop for HP Supplies
"TurboTax 2008" = TurboTax 2008
"TurboTax 2010" = TurboTax 2010
"TurboTax 2011" = TurboTax 2011
"TurboTax Business 2010" = TurboTax Business 2010
"USB_AUDIO_DEusb-audio.deNumarkNC06" = MixDeck USB Audio driver
"vfd-adk" = VideoFileDownload
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = Gimp 2.6.2 Debug
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/25/2012 10:34:10 AM | Computer Name = WXP-WS01 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4
3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 6/25/2012 3:06:33 PM | Computer Name = WXP-WS01 | Source = Bonjour Service | ID = 100
Description = send_msg ERROR: failed to write 275 of 275 bytes to fd 236 errno 10054
(An existing connection was forcibly closed by the remote host.)

Error - 6/25/2012 3:06:33 PM | Computer Name = WXP-WS01 | Source = Bonjour Service | ID = 100
Description = 236: Could not write data to client because of error - aborting connection

Error - 6/25/2012 3:06:33 PM | Computer Name = WXP-WS01 | Source = Bonjour Service | ID = 100
Description = 236: DNSServiceQueryRecord stacey's\032AirPort\032Extreme._airport._tcp.local.
(TXT)

Error - 6/25/2012 3:44:07 PM | Computer Name = WXP-WS01 | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 19.0.1084.56, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/25/2012 9:24:56 PM | Computer Name = WXP-WS01 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/25/2012 9:24:56 PM | Computer Name = WXP-WS01 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4682515

Error - 6/25/2012 9:24:56 PM | Computer Name = WXP-WS01 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4682515

Error - 6/26/2012 2:45:41 PM | Computer Name = WXP-WS01 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070424, P2 beginsearch, P3 search, P4
3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 6/26/2012 8:59:00 PM | Computer Name = WXP-WS01 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 3/7/2011 12:19:22 AM | Computer Name = WXP-WS01 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 35 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/21/2012 10:00:38 PM | Computer Name = WXP-WS01 | Source = Service Control Manager | ID = 7034
Description = The Error Reporting Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 6/22/2012 1:51:26 PM | Computer Name = WXP-WS01 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 6/22/2012 1:51:57 PM | Computer Name = WXP-WS01 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 6/23/2012 10:06:45 AM | Computer Name = WXP-WS01 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.127.2172.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.

Error - 6/23/2012 10:03:29 PM | Computer Name = WXP-WS01 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.129.338.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.

Error - 6/24/2012 3:16:18 AM | Computer Name = WXP-WS01 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.129.338.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.

Error - 6/25/2012 2:39:14 AM | Computer Name = WXP-WS01 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 6/25/2012 10:25:34 AM | Computer Name = WXP-WS01 | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{948BA608-EFDF-4587-B020-D394CBC53BE7}. The
backup browser is stopping.

Error - 6/25/2012 10:33:57 AM | Computer Name = WXP-WS01 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.129.338.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.

Error - 6/26/2012 2:45:40 PM | Computer Name = WXP-WS01 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.129.338.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.


< End of report >
  • 0

Advertisements

#2
Essexboy
Posted 02 July 2012 - 09:41 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Took it to computer store. Said they removed a lot of virus, malware from registry. They fixed it so that I could log in. I have their log if you need it.

That would be nice if you don't mind as I would like to what they removed

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image

    :OTL
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2438727
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
    O2 - BHO: (Shop to Win) - {472F6BB8-3D5A-BC24-4155-3192C7AC8CF6} - C:\Program Files\Shop to Win 37\Shop to Win 37.dll File not found
    O2 - BHO: (VideoFileDownload) - {9194649F-7143-4308-90C1-D6A35B0E354E} - C:\Program Files\OApps\bho_project.dll (VideoFileDownload)
    O3 - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    [2012/06/11 14:40:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stacey\Local Settings\Application Data\Ilivid Player
    [2012/06/11 14:40:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stacey\Application Data\searchquband
    [2012/06/11 14:39:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
    [2012/06/11 15:22:48 | 000,031,470 | ---- | C] () -- C:\Documents and Settings\stacey\Local Settings\Application Data\funmoods.crx
    [2012/06/11 15:07:43 | 000,001,530 | ---- | C] () -- C:\user.js
    [2011/05/17 01:45:33 | 000,013,386 | -HS- | C] () -- C:\Documents and Settings\stacey\Local Settings\Application Data\e14d740ogtqp53m3h02k070s66p503jed8e
    [2011/05/17 01:45:33 | 000,013,386 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\e14d740ogtqp53m3h02k070s66p503jed8e
    [2012/06/11 15:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
    [2012/06/11 20:01:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
    [2011/03/11 14:50:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder
    [2012/06/11 15:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stacey\Application Data\Babylon
    [2012/06/11 14:40:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stacey\Application Data\searchquband


    :Files
    ipconfig /flushdns /c
    :\Program Files\Shop to Win 37
    C:\Program Files\OApps

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Note: When you re-run OTL please ensure that all users is selected

THEN

Download aswMBR.exe ( 4.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image
  • 0

#3
svillan7
Posted 02 July 2012 - 09:04 PM

svillan7

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Thank you so much for getting to me so quickly:)

I have attached the Office Depot information. I ran the OTL and attached the log. I ran the avasti and attached the log

When I opened up chrome to give these things to you, I still had searchnu and babylon come up alongside chrome.

Diagnosis (Non-Refundable)
Service Complete

Service Description:This is the diagnosis portion of the service.



For access to the Windows 7 online how-to videos on the Office Depot Tech Support Center, click here.



Protect Your Identity with Lifelock�?Ts one million dollar guarantee. Visit www.lifelock.com and enter promo code OD60FREE to receive a 60 day free trial of Identity Theft Protection.



Worklife Rewards - a smarter way to save. Get 10% back on ink, toner, paper, and copy and print services plus 1% back on almost everything else. Not a member? Membership is FREE. Join Today!


Computer services from any provider have the possibility of harming your data. Office Depot always recommends backing up your data prior to any service. If you would like a Data Backup Service (SKU 871305) please go back and select it from the previous page.: N

When did the problem start happening?: Yesterday

What is the problem or error message?: errors regarding "register code" when attempting to sign in. cant open scans.

What makes the problem happen?: turning on

Did you make any changes to your system (e.g. adding hardware, installing software or changing settings) about the time the problem started?: assorted

Is there anything else we should know?: n/a

Service Report:
We have performed several diagnostic and cleaning utilities that examine the system for various types of malicious software (viruses, ad-ware, rogue software, hidden viruses, etc.). In order to ensure an accurate diagnosis, critical system files, registry items and all running processes were reviewed in detail.

We have found the PC to be infected with :

Affiliate.Downloader,
Adware.Hotbar,
Trojan.BHO

These Infections have been successfully removed from the system.

The findings were:

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 38
Registry Values Infected: 4
Registry Data Items Infected: 6
Folders Infected: 18
Files Infected: 14


The following diagnostic steps were performed:
* Hardware checks
- Memory
- Storage space
- Conflicts
* Performance checks
- Running processes
- Startup processes
- Startup services
* Vulnerability checks
- Status of anti-virus software
- Status of anti-spyware software
- Status of firewall
- Status of Windows Auto-Updater

Repair
Service Complete

Service Description:Implements repairs of the diagnosed problems.



For access to the Windows 7 online how-to videos on the Office Depot Tech Support Center, click here.



Protect Your Identity with Lifelock's one million dollar guarantee. Visit www.lifelock.com and enter promo code OD60FREE to receive a 60 day free trial of Identity Theft Protection.



Worklife Rewards - a smarter way to save. Get 10% back on ink, toner, paper, and copy and print services plus 1% back on almost everything else. Not a member? Membership is FREE. Join Today!


Service Report:
The following actions were taken:

- All of the identified malware objects were removed, and any disabled services were corrected. Additional scans were performed to ensure the malware was removed.
- Cleared all temporary files and folders.
- A new system restore point (Clean system restore) has been created for you. If you should encounter any malware infections in the future, you may revert your system back to this restore point in order to alleviate the symptoms of the malware.
- Several unnecessary startup programs were disabled to improve performance.
- Performed Tune-up for optimal running conditions.
- Service completed successfully.
- Your computer should perform much better now.

Recommendation:

- Common sources of virus infections are peer to peer software being used incorrectly, and downloading things from un-trusted sources. Avoiding these two things will greatly reduce your risk of infection. Avoid installation of unnecessary programs or add-on's (for example, Internet toolbars or file-sharing programs). Unnecessary software may impact system performance, contain malware, and/or cause conflicts with applications that perform similar functions.
- We recommend researching any unknown programs prior to installing them.
- It is highly recommended that all antivirus/security software be kept up-to-date to ensure future infections do not occur.
- Be cautious of all web browsing and Internet downloads, many unfamiliar websites may infect your computer without your knowledge.
- Never open e-mail containing attachments from unknown senders.
These steps will help ensure your computer is safe from malicious attacks and future virus/malware infections.




Here is the OTL


OTL logfile created on: 7/2/2012 4:39:07 PM - Run 5
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\stacey\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1012.89 Mb Total Physical Memory | 470.00 Mb Available Physical Memory | 46.40% Memory free
2.89 Gb Paging File | 2.16 Gb Available in Paging File | 74.83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 101.95 Gb Free Space | 43.80% Space Free | Partition Type: NTFS

Computer Name: WXP-WS01 | User Name: stacey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/02 16:38:35 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\stacey\My Documents\Downloads\OTL (6).exe
PRC - [2012/06/28 05:28:57 | 001,250,328 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/05/22 05:04:16 | 000,964,032 | ---- | M] (Support.com, Inc.) -- C:\Program Files\Office Depot PC Support Agent\esService.exe
PRC - [2012/05/22 05:04:16 | 000,587,712 | ---- | M] (Support.com, Inc.) -- C:\Program Files\Office Depot PC Support Agent\escont.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/02/06 16:25:08 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012/02/04 08:52:02 | 001,155,432 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2012/02/04 07:40:44 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/12/21 14:50:46 | 000,315,392 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciServiceHost.exe
PRC - [2009/11/11 16:17:02 | 000,771,360 | ---- | M] (Apple Inc.) -- C:\Program Files\AirPort\APAgent.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/27 21:33:44 | 000,125,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/09/27 21:33:38 | 000,116,464 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2006/09/27 21:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/09/27 21:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/07/19 20:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/07/19 20:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/07/19 20:26:04 | 000,052,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/06/30 17:06:46 | 000,016,447 | ---- | M] (NetSupport Ltd) -- C:\Program Files\NetSupport Manager\client32.exe
PRC - [2006/04/11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2000/08/08 13:33:12 | 000,036,864 | ---- | M] (Intuit) -- C:\QUICKENW\QWDLLS.EXE


========== Modules (No Company Name) ==========

MOD - [2012/06/30 16:10:57 | 004,051,456 | ---- | M] () -- C:\Documents and Settings\stacey\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.0.3\libGLESv2.dll
MOD - [2012/06/30 16:10:57 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\stacey\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.0.3\libEGL.dll
MOD - [2012/06/30 04:20:03 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2516a49d10f4418f72e1c25f691815a8\System.ServiceProcess.ni.dll
MOD - [2012/06/30 04:17:03 | 000,762,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\0f9d7198d2c0a3953fb59b1aca0d35f7\System.Runtime.Remoting.ni.dll
MOD - [2012/06/30 04:16:59 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\26ee061618887d629a9f7072970ffb85\System.EnterpriseServices.ni.dll
MOD - [2012/06/30 04:16:58 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\ce2aa3a5e89c326055ac8e2a309232f7\System.Transactions.ni.dll
MOD - [2012/06/30 01:36:18 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/06/30 01:33:36 | 003,186,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/06/30 01:33:34 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/06/30 01:33:34 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2012/06/30 01:33:29 | 000,630,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012/06/30 01:33:29 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/06/30 01:33:27 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2012/06/30 01:33:26 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/06/30 01:33:25 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2012/06/30 01:33:23 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2012/06/30 01:33:16 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/06/30 01:30:41 | 013,197,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\54d61af44b1dedee6aea0d1bbc46b13a\System.Windows.Forms.ni.dll
MOD - [2012/06/30 01:20:12 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/06/30 01:19:44 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/06/30 01:12:42 | 001,666,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\4a668799513e369a54fdab8b3f74de92\System.Drawing.ni.dll
MOD - [2012/06/30 01:03:36 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\0c8e950df17a0abec10888e8ad966cbe\System.Configuration.ni.dll
MOD - [2012/06/30 01:03:24 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9f5111b0b58258c3a4bbcfb8bf27374c\System.Data.ni.dll
MOD - [2012/06/30 01:03:18 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\5ee8bf77e7b3e25cdbff6e1c299574fe\System.Xml.ni.dll
MOD - [2012/06/30 01:03:17 | 007,052,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\14ba6251d6ec84c9579ed3d3e10b30c1\System.Core.ni.dll
MOD - [2012/06/30 01:03:06 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\6f399163bb35597da7141ccdb7f39d16\System.ni.dll
MOD - [2012/06/30 01:02:58 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2012/06/28 05:28:56 | 000,438,296 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\ppgooglenaclpluginchrome.dll
MOD - [2012/06/28 05:28:54 | 003,972,120 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\pdf.dll
MOD - [2012/06/28 05:27:29 | 000,140,328 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\avutil-51.dll
MOD - [2012/06/28 05:27:28 | 000,262,184 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\avformat-54.dll
MOD - [2012/06/28 05:27:26 | 002,386,984 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\avcodec-54.dll
MOD - [2012/06/28 03:27:26 | 009,252,040 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
MOD - [2012/05/24 13:10:58 | 003,417,376 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_80c2ffa.dll
MOD - [2012/05/22 05:04:08 | 000,043,008 | ---- | M] () -- C:\Program Files\Office Depot PC Support Agent\ESResources.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/06 18:55:29 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2011/02/06 18:55:28 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2011/02/06 18:55:28 | 000,409,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2011/02/06 18:55:27 | 000,421,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2011/02/06 18:55:27 | 000,269,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2011/02/06 18:55:27 | 000,046,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2011/02/06 18:55:27 | 000,023,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2011/02/06 18:55:27 | 000,018,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2011/02/06 18:55:27 | 000,012,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2011/02/06 18:55:26 | 000,121,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2011/02/06 18:55:26 | 000,120,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2011/02/06 18:55:26 | 000,070,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2011/02/06 18:41:06 | 000,755,712 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll
MOD - [2011/02/06 18:41:05 | 001,058,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2011/02/06 18:41:05 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2011/02/06 18:41:05 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2011/02/06 18:41:04 | 000,458,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Portability.dll
MOD - [2011/02/06 18:41:04 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll
MOD - [2011/02/06 18:41:04 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll
MOD - [2011/02/06 18:41:03 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll
MOD - [2011/02/06 18:41:02 | 000,047,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2011/02/06 18:41:01 | 000,402,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2011/02/06 18:41:01 | 000,238,368 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.4__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2011/02/06 18:41:01 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2011/02/06 18:40:59 | 000,120,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2011/02/06 18:40:58 | 000,130,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2011/02/06 18:40:58 | 000,072,992 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2006/06/30 17:06:46 | 000,020,543 | ---- | M] () -- C:\Program Files\NetSupport Manager\PCIHOOKS.DLL
MOD - [2006/06/30 17:06:34 | 000,196,667 | ---- | M] () -- C:\Program Files\NetSupport Manager\TCCTL32.DLL
MOD - [2006/06/30 17:06:30 | 000,098,363 | ---- | M] () -- C:\Program Files\NetSupport Manager\pcicapi.DLL
MOD - [2006/06/30 17:06:30 | 000,028,728 | ---- | M] () -- C:\Program Files\NetSupport Manager\PCICHEK.DLL
MOD - [2002/05/03 16:40:32 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL
MOD - [2000/08/08 13:33:06 | 000,102,400 | ---- | M] () -- C:\QUICKENW\qcomutil.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/06/25 01:42:01 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/24 13:10:58 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
SRV - [2012/05/22 05:04:16 | 000,964,032 | ---- | M] (Support.com, Inc.) [Auto | Running] -- C:\Program Files\Office Depot PC Support Agent\esService.exe -- (Office Depot PC Support Agent)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/02/06 16:25:08 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/02/04 07:40:44 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/21 14:50:46 | 000,315,392 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\McciServiceHost.exe -- (McciServiceHost)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/09/27 21:33:38 | 000,116,464 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/09/27 21:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/09/27 21:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/09/02 17:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/08/07 17:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006/07/19 20:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/07/19 20:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/06/30 17:06:46 | 000,016,447 | ---- | M] (NetSupport Ltd) [Auto | Running] -- C:\Program Files\NetSupport Manager\client32.exe -- (Client32)
SRV - [2006/04/11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011/07/30 03:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/30 03:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/19 14:23:40 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110730.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/07/19 14:23:40 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110730.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/03/15 00:11:10 | 000,010,112 | ---- | M] (support.com, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssmirrdr.sys -- (ssmirrdr)
DRV - [2009/10/30 12:40:58 | 000,398,912 | R--- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nc06_usb.sys -- (NUMARK_NC06)
DRV - [2009/10/30 12:40:56 | 000,039,488 | R--- | M] (Numark) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nc06_wdm.sys -- (NUMARK_NC06_WDM)
DRV - [2009/10/30 12:40:56 | 000,026,688 | R--- | M] (Numark) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nc06midi.sys -- (NUMARK_NC06_MIDI)
DRV - [2009/09/15 13:13:34 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/09/15 13:13:34 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/07/15 23:03:18 | 000,176,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k57xp32.sys -- (k57w2k) Broadcom NetLink ™
DRV - [2008/04/13 22:05:30 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2008/03/28 06:14:02 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2008/01/15 15:53:22 | 000,071,488 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2008/01/15 15:53:22 | 000,053,184 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2006/09/18 18:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/09/06 15:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 15:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/08/07 17:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2006/08/07 17:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2006/06/30 17:06:28 | 000,032,823 | ---- | M] (NetSupport Ltd) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pcisys.sys -- (PCISys)
DRV - [2006/06/30 17:06:28 | 000,024,633 | ---- | M] (NetSupport Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gdihook5.sys -- (gdihook5)
DRV - [2006/04/11 18:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USREL/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{38E55DB8-2EBB-46DC-98CA-171B60F1B2F0}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3516811114-1319865687-740991956-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKU\S-1-5-21-3516811114-1319865687-740991956-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/sphome.aspx
IE - HKU\S-1-5-21-3516811114-1319865687-740991956-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
IE - HKU\S-1-5-21-3516811114-1319865687-740991956-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3516811114-1319865687-740991956-1008\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-3516811114-1319865687-740991956-1008\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3516811114-1319865687-740991956-1008\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3516811114-1319865687-740991956-1008\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3516811114-1319865687-740991956-1008\..\SearchScopes\{38E55DB8-2EBB-46DC-98CA-171B60F1B2F0}: "URL" = http://www.google.co...1I7ADRA_enUS452
IE - HKU\S-1-5-21-3516811114-1319865687-740991956-1008\..\SearchScopes\{D2AEBD9E-DF40-4353-A1E3-A33F501D4D6C}: "URL" = http://search.yahoo....0624,6901,0,8,0
IE - HKU\S-1-5-21-3516811114-1319865687-740991956-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\WINDOWS\Downloaded Program Files\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3


========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-re...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\stacey\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\stacey\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\WINDOWS\Downloaded Program Files\npsoe.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\stacey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\stacey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\stacey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/02 12:23:46 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2012/06/17 12:05:21 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE (Intuit)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3516811114-1319865687-740991956-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3516811114-1319865687-740991956-1008\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3516811114-1319865687-740991956-1008\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3516811114-1319865687-740991956-1008\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-3516811114-1319865687-740991956-1008\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3516811114-1319865687-740991956-1008\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.co...ebInstaller.cab (SOE Web Installer)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.h...ads/sysinfo.cab (SysData Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1341028661156 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1265648315687 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} http://myitlab.pears...ces/ax/stub.cab (Enlite 2.x Simulation Engine Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{948BA608-EFDF-4587-B020-D394CBC53BE7}: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B51EFC2C-7151-457E-AE87-97432BF2D176}: NameServer = 172.26.25.2
O18 - Protocol\Handler\g7ps {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll (G7 Productivity Systems, Inc.)
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/20 07:39:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{43ba27a6-43fa-11df-8fde-0018f80f1552}\Shell - "" = AutoRun
O33 - MountPoints2\{43ba27a6-43fa-11df-8fde-0018f80f1552}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{43ba27a6-43fa-11df-8fde-0018f80f1552}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{5bcb349f-390c-11df-8fdc-0018f80f1552}\Shell - "" = AutoRun
O33 - MountPoints2\{5bcb349f-390c-11df-8fdc-0018f80f1552}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5bcb349f-390c-11df-8fdc-0018f80f1552}\Shell\AutoRun\command - "" = E:\iStudio.exe
O33 - MountPoints2\{c99aa392-5593-11df-8fe3-0018f80f1552}\Shell - "" = AutoRun
O33 - MountPoints2\{c99aa392-5593-11df-8fe3-0018f80f1552}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c99aa392-5593-11df-8fe3-0018f80f1552}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-3516811114-1319865687-740991956-1008..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
O37 - HKLM\...exe [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-3516811114-1319865687-740991956-1008\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/02 12:22:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/29 14:46:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
[2012/06/22 14:46:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
[2012/06/22 14:46:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple
[2012/06/20 16:01:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stacey\My Documents\Office Depot PC Support Agent
[2012/06/20 16:01:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stacey\Application Data\QuickScan
[2012/06/18 17:56:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stacey\Local Settings\Application Data\PCHealth
[2012/06/18 11:36:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/06/17 12:51:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stacey\My Documents\STK
[2012/06/17 12:50:03 | 000,000,000 | ---D | C] -- C:\McAfeePromo
[2012/06/17 12:20:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stacey\Application Data\OpswatLogs
[2012/06/17 12:03:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
[2012/06/17 11:59:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/17 11:49:49 | 000,000,000 | ---D | C] -- C:\Program Files\Office Depot PC Support Agent
[2012/06/17 11:27:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\support.com
[2012/06/17 11:27:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\supportsoft
[2012/06/17 11:16:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stacey\Application Data\supportdotcom
[2012/06/17 11:16:26 | 000,000,000 | ---D | C] -- C:\Program Files\supportdotcom
[2012/06/17 11:16:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\supportdotcom
[2012/06/12 16:00:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stacey\Application Data\BACS.exe
[2012/06/11 16:22:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stacey\Local Settings\Application Data\MPlayer
[2012/06/11 16:20:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stacey\My Documents\ShopToWin
[2012/06/11 16:20:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stacey\Application Data\FCTB000100685
[2012/06/11 16:07:09 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\AI_RecycleBin
[2012/06/11 16:07:06 | 000,000,000 | ---D | C] -- C:\Program Files\W3i
[2012/06/11 16:07:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\W3i
[2012/06/11 16:07:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\InstallIQ Updater
[2012/06/11 16:06:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2012/06/11 16:05:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2012/06/11 15:22:55 | 000,000,000 | ---D | C] -- C:\Program Files\OApps
[2012/06/11 15:04:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stacey\Local Settings\Application Data\CRE
[2012/06/11 14:40:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stacey\AppData
[2012/06/11 14:09:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stacey\My Documents\Graboid
[2012/06/11 14:06:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
[2012/06/11 14:06:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stacey\Local Settings\Application Data\Geckofx
[2012/06/11 14:06:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\stacey\Application Data\Mozilla
[2012/06/11 14:04:13 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/06/11 14:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\Graboid
[2012/06/11 01:06:42 | 000,000,000 | ---D | C] -- C:\Program Files\AirPort
[2012/06/10 22:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/06/10 22:50:16 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

========== Files - Modified Within 30 Days ==========

[2012/07/02 16:46:16 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/02 16:21:40 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/07/02 16:15:12 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/02 16:13:33 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/02 16:13:21 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2012/07/02 16:12:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/02 16:12:37 | 000,000,008 | ---- | M] () -- C:\WINDOWS\System32\pcisys.ntk
[2012/07/02 12:23:46 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/07/02 09:56:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/02 08:00:00 | 000,000,680 | ---- | M] () -- C:\WINDOWS\tasks\HP-CollectPrintData.job
[2012/07/02 02:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-WXP-WS01-stacey.job
[2012/06/30 13:51:53 | 000,001,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/06/30 03:07:55 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/06/30 01:47:21 | 003,581,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/30 01:35:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/30 01:33:53 | 000,506,952 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/30 01:33:53 | 000,088,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/29 14:46:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/06/27 16:01:21 | 000,000,089 | ---- | M] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2012/06/24 17:11:33 | 000,002,387 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2011.lnk
[2012/06/18 18:00:37 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\stacey\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.LNK
[2012/06/18 11:37:05 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012/06/18 09:20:39 | 000,182,646 | ---- | M] () -- C:\Documents and Settings\stacey\My Documents\Office Depot Work Order 0222310664450 Ticket 17175819 Receipt.mht
[2012/06/17 12:51:59 | 000,001,841 | ---- | M] () -- C:\Documents and Settings\stacey\Desktop\Office Depot Solutions Toolkit Report Sunday, June 17, 2012 12_51_58 PM.lnk
[2012/06/17 12:50:04 | 000,001,062 | ---- | M] () -- C:\Documents and Settings\stacey\Desktop\Click for 90 day free Data Backup.lnk
[2012/06/17 11:59:01 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/17 11:49:58 | 000,001,905 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Office Depot PC Support Agent.lnk
[2012/06/17 11:14:11 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/11 17:40:19 | 000,000,910 | ---- | M] () -- C:\Documents and Settings\stacey\My Documents\lnk_fix_w7.zip
[2012/06/11 15:16:19 | 000,005,120 | ---- | M] () -- C:\Documents and Settings\stacey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/10 22:52:01 | 000,001,544 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/06/10 22:37:31 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\stacey\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/06/10 22:37:30 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk

========== Files Created - No Company Name ==========

[2012/06/30 03:17:48 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/06/30 03:07:50 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/06/29 23:13:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/06/29 23:13:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/06/25 01:42:07 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/17 13:01:05 | 000,182,646 | ---- | C] () -- C:\Documents and Settings\stacey\My Documents\Office Depot Work Order 0222310664450 Ticket 17175819 Receipt.mht
[2012/06/17 12:51:59 | 000,001,841 | ---- | C] () -- C:\Documents and Settings\stacey\Desktop\Office Depot Solutions Toolkit Report Sunday, June 17, 2012 12_51_58 PM.lnk
[2012/06/17 12:50:03 | 000,001,062 | ---- | C] () -- C:\Documents and Settings\stacey\Desktop\Click for 90 day free Data Backup.lnk
[2012/06/17 11:59:01 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/17 11:49:58 | 000,001,911 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Office Depot PC Support Agent.lnk
[2012/06/17 11:49:58 | 000,001,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Office Depot PC Support Agent.lnk
[2012/06/11 19:53:19 | 000,002,276 | ---- | C] () -- C:\Documents and Settings\stacey\Desktop\lnk_fix_w7.reg
[2012/06/11 17:40:18 | 000,000,910 | ---- | C] () -- C:\Documents and Settings\stacey\My Documents\lnk_fix_w7.zip
[2012/06/11 01:06:45 | 000,002,141 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\AirPort Utility.lnk
[2012/06/10 22:52:01 | 000,001,544 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/04/25 23:46:02 | 000,000,185 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2012/04/25 23:45:59 | 000,007,102 | ---- | C] () -- C:\WINDOWS\ICOADB32.DAT
[2012/04/25 23:45:32 | 000,000,710 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2012/03/31 20:15:34 | 001,581,564 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3516811114-1319865687-740991956-1008-0.dat
[2012/03/31 20:15:24 | 000,373,118 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/03/29 21:30:18 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2011/07/31 02:31:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2011/07/26 01:00:36 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\stacey\.recently-used.xbel
[2011/04/16 12:26:10 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\stacey\jagex_runescape_preferences2.dat
[2011/04/16 12:23:14 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\stacey\jagex_runescape_preferences.dat
[2011/02/22 21:23:11 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\stacey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/09 23:19:20 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2010/11/22 17:47:39 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/19 00:17:27 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\stacey\Application Data\mcs.rma
[2010/09/19 00:17:27 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\stacey\Application Data\2D4843
[2010/08/22 02:12:35 | 000,059,480 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/19 13:03:14 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

========== LOP Check ==========

[2010/01/15 15:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2010/12/15 21:37:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2D119
[2010/03/23 22:12:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2011/05/17 14:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dbg
[2010/03/24 01:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\G7PS
[2012/06/11 14:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
[2012/02/23 21:41:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\myitlab2010
[2010/03/23 22:13:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2011/03/13 00:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/03/24 01:17:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2012/06/11 16:07:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\W3i
[2010/08/21 23:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/06/07 10:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TightVNC
[2012/06/12 16:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stacey\Application Data\BACS.exe
[2011/01/11 17:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stacey\Application Data\BodyMedia
[2012/06/11 16:20:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stacey\Application Data\FCTB000100685
[2011/03/06 20:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stacey\Application Data\FreeBurner
[2010/04/13 17:23:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stacey\Application Data\G7PS
[2011/03/06 23:18:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stacey\Application Data\gtk-2.0
[2011/02/09 23:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stacey\Application Data\Hardcore
[2011/06/09 14:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stacey\Application Data\HotSync
[2011/02/09 23:12:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stacey\Application Data\Juce VST Host
[2012/06/20 16:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stacey\Application Data\OpswatLogs
[2012/06/20 16:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stacey\Application Data\QuickScan
[2012/06/11 16:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stacey\Application Data\Sony Online Entertainment
[2011/03/13 00:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stacey\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/06/17 11:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stacey\Application Data\supportdotcom
[2011/01/08 13:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stacey\Application Data\Unity
[2010/08/01 00:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stacey\Application Data\Windows Desktop Search
[2010/09/18 22:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\stacey\Application Data\Windows Search
[2011/05/20 13:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\techpro\Application Data\BodyMedia
[2011/05/20 13:56:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\techpro\Application Data\HotSync
[2011/05/20 13:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\techpro\Application Data\Windows Desktop Search
[2012/07/02 16:13:21 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



< End of report >


This also was a result:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{472F6BB8-3D5A-BC24-4155-3192C7AC8CF6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472F6BB8-3D5A-BC24-4155-3192C7AC8CF6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9194649F-7143-4308-90C1-D6A35B0E354E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9194649F-7143-4308-90C1-D6A35B0E354E}\ deleted successfully.
C:\Program Files\OApps\bho_project.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
C:\Documents and Settings\stacey\Local Settings\Application Data\Ilivid Player folder moved successfully.
C:\Documents and Settings\stacey\Application Data\searchquband folder moved successfully.
C:\Documents and Settings\All Users\Application Data\boost_interprocess\F013BA533648CD01 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\boost_interprocess folder moved successfully.
C:\Documents and Settings\stacey\Local Settings\Application Data\funmoods.crx moved successfully.
C:\user.js moved successfully.
C:\Documents and Settings\stacey\Local Settings\Application Data\e14d740ogtqp53m3h02k070s66p503jed8e moved successfully.
C:\Documents and Settings\All Users\Application Data\e14d740ogtqp53m3h02k070s66p503jed8e moved successfully.
C:\Documents and Settings\All Users\Application Data\Babylon folder moved successfully.
Folder C:\Documents and Settings\All Users\Application Data\boost_interprocess\ not found.
C:\Documents and Settings\All Users\Application Data\WeCareReminder folder moved successfully.
C:\Documents and Settings\stacey\Application Data\Babylon folder moved successfully.
Folder C:\Documents and Settings\stacey\Application Data\searchquband\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\stacey\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\stacey\My Documents\Downloads\cmd.txt deleted successfully.
Error: Unable to interpret <:\Program Files\Shop to Win 37> in the current context!
Error: Unable to interpret <C:\Program Files\OApps> in the current context!
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users
->Java cache emptied: 12118713 bytes

User: Default User
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 12118713 bytes
->Flash cache emptied: 41620 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 27587393 bytes

User: NetworkService
->Temp folder emptied: 59676 bytes
->Temporary Internet Files folder emptied: 702428 bytes

User: stacey
->Temp folder emptied: 625523765 bytes
->Temporary Internet Files folder emptied: 98302400 bytes
->Java cache emptied: 20936506 bytes
->Google Chrome cache emptied: 205407636 bytes
->Apple Safari cache emptied: 16384 bytes
->Flash cache emptied: 258338 bytes

User: techpro
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 294871 bytes
->Java cache emptied: 12114737 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4594079 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 315981217 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 117 bytes

Total Files Cleaned = 1,274.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.1 log created on 07022012_122253

Files\Folders moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_7f8.dat moved successfully.

PendingFileRenameOperations files...
File C:\WINDOWS\temp\Perflib_Perfdata_7f8.dat not found!

Registry entries deleted on Reboot...


Here is the avasti

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-02 16:54:59
-----------------------------
16:54:59.193 OS Version: Windows 5.1.2600 Service Pack 3
16:54:59.193 Number of processors: 2 586 0x170A
16:54:59.193 ComputerName: WXP-WS01 UserName: stacey
16:55:02.677 Initialize success
17:00:42.240 AVAST engine defs: 12070201
17:00:56.646 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:00:56.646 Disk 0 Vendor: ST3250318AS CC45 Size: 238418MB BusType: 3
17:00:56.677 Disk 0 MBR read successfully
17:00:56.677 Disk 0 MBR scan
17:00:56.756 Disk 0 Windows XP default MBR code
17:00:56.756 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
17:00:56.787 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 238377 MB offset 81920
17:00:56.802 Disk 0 scanning sectors +488279202
17:00:56.896 Disk 0 scanning C:\WINDOWS\system32\drivers
17:01:10.427 Service scanning
17:01:29.568 Service MpKsl7c0b758b c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{239D1B11-07D9-46C7-B310-5C13C34F13B9}\MpKsl7c0b758b.sys **LOCKED** 32
17:01:47.490 Modules scanning
17:01:52.521 Disk 0 trace - called modules:
17:01:52.537 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
17:01:52.552 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d8bab8]
17:01:52.552 3 CLASSPNP.SYS[f7666fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86d46b00]
17:01:59.099 AVAST engine scan C:\WINDOWS
17:02:15.021 AVAST engine scan C:\WINDOWS\system32
17:07:31.896 AVAST engine scan C:\WINDOWS\system32\drivers
17:07:58.959 AVAST engine scan C:\Documents and Settings\stacey
17:12:38.052 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\stacey\Desktop\MBR.dat"
17:12:38.099 The log file has been saved successfully to "C:\Documents and Settings\stacey\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-02 17:12:59
-----------------------------
17:12:59.131 OS Version: Windows 5.1.2600 Service Pack 3
17:12:59.131 Number of processors: 2 586 0x170A
17:12:59.131 ComputerName: WXP-WS01 UserName: stacey
17:12:59.943 Initialize success
17:13:10.990 AVAST engine defs: 12070201
17:13:16.006 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:13:16.006 Disk 0 Vendor: ST3250318AS CC45 Size: 238418MB BusType: 3
17:13:16.052 Disk 0 MBR read successfully
17:13:16.052 Disk 0 MBR scan
17:13:16.131 Disk 0 Windows XP default MBR code
17:13:16.131 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
17:13:16.162 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 238377 MB offset 81920
17:13:16.177 Disk 0 scanning sectors +488279202
17:13:16.334 Disk 0 scanning C:\WINDOWS\system32\drivers
17:13:34.521 Service scanning
17:13:53.881 Service MpKsl7c0b758b c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{239D1B11-07D9-46C7-B310-5C13C34F13B9}\MpKsl7c0b758b.sys **LOCKED** 32
17:14:11.068 Modules scanning
17:14:25.865 Disk 0 trace - called modules:
17:14:25.896 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
17:14:25.912 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d8bab8]
17:14:25.912 3 CLASSPNP.SYS[f7666fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86d46b00]
17:14:26.209 AVAST engine scan C:\WINDOWS
17:14:51.709 AVAST engine scan C:\WINDOWS\system32
17:21:29.162 AVAST engine scan C:\WINDOWS\system32\drivers
17:22:05.802 AVAST engine scan C:\Documents and Settings\stacey
17:42:14.287 File: C:\Documents and Settings\stacey\My Documents\Downloads\OTM.exe **INFECTED** Win32:Rootkit-gen [Rtk]
17:48:30.568 AVAST engine scan C:\Documents and Settings\All Users
17:56:25.990 Scan finished successfully
21:14:17.031 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\stacey\Desktop\MBR.dat"
21:14:17.109 The log file has been saved successfully to "C:\Documents and Settings\stacey\Desktop\aswMBR.txt"


Thank you again for the help so far.
  • 0

#4
Essexboy
Posted 03 July 2012 - 07:15 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It looks as though they just ran MBAM to clear the malware, the elemnts in Chrome must be removed manually I am afraid


Google Chrome:
1. Open Google Chrome.
2. Click on the Wrench icon on top right corner of the browser.
3. Choose “Settings” from the drop down list.
4. Select “Basics.”
5. Click on “Manage search engines” under SEARCH settings area.
6. Hover your mouse to a preferred search engine and click “Make default.”
7. You can now remove unwanted search provider by clicking on the X mark.

If you cannot find searchnu.com from the lists of search providers, it may have other names like iLivid or something.

How is the computer behaving now ?
  • 0

#5
svillan7
Posted 03 July 2012 - 08:49 PM

svillan7

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
I followed your instructions. I did not find anything funny in the search engine part. I opened add/delete program and did not find anything there. Then, I went back to settings on Chrome and went to appearances. Under "set pages" I found both the searchnu and the babylon. I took them off. So far, it appears not to have returned. Thank you so much for all of your help. I was ready to throw the darn thing in the garbage:)
  • 0

#6
Essexboy
Posted 04 July 2012 - 08:08 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Glad you found it, as we do not yet have a tool to work within Chrome

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe :wave:
  • 0

#7
Essexboy
Posted 06 July 2012 - 12:04 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP