Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

.DLL Files Getting Deleted After Trojan.Agent/Gen-Kryptik Infection [S

Started by blueheadsets , Aug 30 2012 01:13 PM

  • This topic is locked This topic is locked

#16
blueheadsets
Posted 02 September 2012 - 06:44 AM

blueheadsets

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
# AdwCleaner v2.000 - Logfile created 09/02/2012 at 08:30:59
# Updated 30/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Mark Hritz - MARK-OSX
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Mark Hritz\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Mark Hritz\Application Data\Mozilla\Firefox\Profiles\pyglmphs.default\Conduit
Folder Deleted : C:\Documents and Settings\Mark Hritz\Application Data\Mozilla\Firefox\Profiles\pyglmphs.default\ConduitCommon
Folder Deleted : C:\Documents and Settings\Mark Hritz\Application Data\Mozilla\Firefox\Profiles\pyglmphs.default\CT1060933
Folder Deleted : C:\Documents and Settings\Mark Hritz\Application Data\Mozilla\Firefox\Profiles\pyglmphs.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\Program Files\Common Files\Software Update Utility

***** [Registry] *****

Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\CompeteInc
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKLM\Software\AskBarDis
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\Software\CompeteInc
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
Key Deleted : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Documents and Settings\Mark Hritz\Application Data\Mozilla\Firefox\Profiles\pyglmphs.default\prefs.js

C:\Documents and Settings\Mark Hritz\Application Data\Mozilla\Firefox\Profiles\pyglmphs.default\user.js ... Deleted !

Deleted : user_pref("CT1060933..clientLogIsEnabled", false);
Deleted : user_pref("CT1060933..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT1060933..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT1060933.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT1060933.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT1060933.AppTrackingLastCheckTime", "Wed Aug 22 2012 08:09:34 GMT-0400 (Eastern Daylight[...]
Deleted : user_pref("CT1060933.BrowserCompStateIsOpen_129633202291172081", true);
Deleted : user_pref("CT1060933.BrowserCompStateIsOpen_129652058719725628", true);
Deleted : user_pref("CT1060933.BrowserCompStateIsOpen_129681785283868963", true);
Deleted : user_pref("CT1060933.BrowserCompStateIsOpen_129686665230467549", true);
Deleted : user_pref("CT1060933.CTID", "CT1060933");
Deleted : user_pref("CT1060933.CommunitiesChangesLastCheckTime", "Thu Aug 30 2012 15:50:09 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT1060933.CommunitiesChangesLastUrl", "hxxp://grouping.services.conduit.com/GroupingReque[...]
Deleted : user_pref("CT1060933.CommunityChanged", true);
Deleted : user_pref("CT1060933.CurrentServerDate", "31-8-2012");
Deleted : user_pref("CT1060933.DialogsAlignMode", "LTR");
Deleted : user_pref("CT1060933.DialogsGetterLastCheckTime", "Fri Aug 31 2012 08:08:57 GMT-0400 (Eastern Daylig[...]
Deleted : user_pref("CT1060933.DownloadDomainsCheckInterval", "168");
Deleted : user_pref("CT1060933.DownloadDomainsListLastCheckTime", "Wed Aug 29 2012 10:08:22 GMT-0400 (Eastern [...]
Deleted : user_pref("CT1060933.DownloadDomainsListLastServerUpdateTime", "1201069983");
Deleted : user_pref("CT1060933.DownloadReferralCookieData", "");
Deleted : user_pref("CT1060933.FirstServerDate", "20-7-2010");
Deleted : user_pref("CT1060933.FirstTime", true);
Deleted : user_pref("CT1060933.FirstTimeFF3", true);
Deleted : user_pref("CT1060933.FirstTimeSettingsDone", true);
Deleted : user_pref("CT1060933.FixPageNotFoundErrors", false);
Deleted : user_pref("CT1060933.GroupingInvalidateCache", false);
Deleted : user_pref("CT1060933.GroupingLastCheckTime", "0");
Deleted : user_pref("CT1060933.GroupingLastServerUpdateTime", "0");
Deleted : user_pref("CT1060933.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT1060933.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT1060933.HasUserGlobalKeys", true);
Deleted : user_pref("CT1060933.HomePageProtectorEnabled", false);
Deleted : user_pref("CT1060933.HomepageBeforeUnload", "hxxp://www.google.com/");
Deleted : user_pref("CT1060933.Initialize", true);
Deleted : user_pref("CT1060933.InitializeCommonPrefs", true);
Deleted : user_pref("CT1060933.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT1060933.InstalledDate", "Tue Jul 20 2010 01:04:47 GMT-0400 (Eastern Daylight Time)");
Deleted : user_pref("CT1060933.InvalidateCache", false);
Deleted : user_pref("CT1060933.IsAlertDBUpdated", true);
Deleted : user_pref("CT1060933.IsGrouping", false);
Deleted : user_pref("CT1060933.IsMulticommunity", true);
Deleted : user_pref("CT1060933.IsOpenThankYouPage", true);
Deleted : user_pref("CT1060933.IsOpenUninstallPage", true);
Deleted : user_pref("CT1060933.LanguagePackLastCheckTime", "Thu Aug 30 2012 09:38:42 GMT-0400 (Eastern Dayligh[...]
Deleted : user_pref("CT1060933.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT1060933.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT1060933.LastLogin_2.7.1.3", "Fri May 27 2011 12:21:50 GMT-0400 (Eastern Daylight Time)"[...]
Deleted : user_pref("CT1060933.LastLogin_3.10.0.1", "Sat Mar 17 2012 06:51:53 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT1060933.LastLogin_3.12.0.7", "Thu Apr 26 2012 09:54:24 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT1060933.LastLogin_3.12.2.3", "Fri Apr 27 2012 10:29:13 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT1060933.LastLogin_3.13.0.6", "Wed Jun 27 2012 11:18:47 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT1060933.LastLogin_3.14.1.0", "Sat Jul 21 2012 07:02:04 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT1060933.LastLogin_3.15.1.0", "Fri Aug 31 2012 07:17:18 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT1060933.LastLogin_3.3.3.2", "Sat Aug 13 2011 09:45:32 GMT-0400 (Eastern Daylight Time)"[...]
Deleted : user_pref("CT1060933.LastLogin_3.8.0.8", "Fri Nov 11 2011 15:55:48 GMT-0500 (Eastern Standard Time)"[...]
Deleted : user_pref("CT1060933.LastLogin_3.8.1.0", "Sun Dec 25 2011 09:50:53 GMT-0500 (Eastern Standard Time)"[...]
Deleted : user_pref("CT1060933.LastLogin_3.9.0.3", "Sat Feb 04 2012 15:54:41 GMT-0500 (Eastern Standard Time)"[...]
Deleted : user_pref("CT1060933.LatestVersion", "3.15.1.0");
Deleted : user_pref("CT1060933.Locale", "en-us");
Deleted : user_pref("CT1060933.LoginCache", 4);
Deleted : user_pref("CT1060933.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT1060933.MCDetectTooltipShow", false);
Deleted : user_pref("CT1060933.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT1060933.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT1060933.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT1060933.RadioIsPodcast", false);
Deleted : user_pref("CT1060933.RadioLastCheckTime", "Thu Aug 30 2012 09:39:18 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT1060933.RadioLastUpdateIPServer", "0");
Deleted : user_pref("CT1060933.RadioLastUpdateServer", "129326918102570000");
Deleted : user_pref("CT1060933.RadioMediaID", "21504191");
Deleted : user_pref("CT1060933.RadioMediaType", "Media Player");
Deleted : user_pref("CT1060933.RadioMenuSelectedID", "EBRadioMenu_CT106093321504191");
Deleted : user_pref("CT1060933.RadioShrinkedFromSetup", false);
Deleted : user_pref("CT1060933.RadioStationName", "KFOG");
Deleted : user_pref("CT1060933.RadioStationURL", "hxxp://live.cumulusstreaming.com/KFOG-FM");
Deleted : user_pref("CT1060933.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT1060933.SearchBoxWidth", 152);
Deleted : user_pref("CT1060933.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT1060933.SearchEngineBeforeUnload", "AVG Secure Search");
Deleted : user_pref("CT1060933.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT1060933.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT106[...]
Deleted : user_pref("CT1060933.SearchInNewTabEnabled", true);
Deleted : user_pref("CT1060933.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT1060933.SearchInNewTabLastCheckTime", "Thu Aug 30 2012 09:38:41 GMT-0400 (Eastern Dayli[...]
Deleted : user_pref("CT1060933.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT1060933.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT1060933.SearchProtectorEnabled", false);
Deleted : user_pref("CT1060933.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT1060933.ServiceMapLastCheckTime", "Thu Aug 30 2012 09:38:41 GMT-0400 (Eastern Daylight [...]
Deleted : user_pref("CT1060933.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT1060933.SettingsLastCheckTime", "Thu Aug 30 2012 15:17:21 GMT-0400 (Eastern Daylight Ti[...]
Deleted : user_pref("CT1060933.SettingsLastUpdate", "1346236895");
Deleted : user_pref("CT1060933.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT1060933.ThirdPartyComponentsLastCheck", "Wed Aug 22 2012 08:08:16 GMT-0400 (Eastern Day[...]
Deleted : user_pref("CT1060933.ThirdPartyComponentsLastUpdate", "1331805997");
Deleted : user_pref("CT1060933.TrusteLinkUrl", "hxxp://trust.conduit.com/CT1060933");
Deleted : user_pref("CT1060933.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT1060933.UserID", "UN27064476820221033");
Deleted : user_pref("CT1060933.ValidationData_Search", 2);
Deleted : user_pref("CT1060933.ValidationData_Toolbar", 2);
Deleted : user_pref("CT1060933.alertChannelId", "15651");
Deleted : user_pref("CT1060933.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D4[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e.:2z527", "247E6F727174354379453A3D2A722C757A787D312833232[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e06cg5el8:", "6E6D6F6F6B6D73727170");
Deleted : user_pref("CT1060933.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A74737575717379787776242F4B4947[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e31;cj7<79f8k>>&qfi", "247E61393F236B25737276792A212C6E414F[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e31;cj7@3=i\"mbe", "247E61393F236B25707876792A212C6E414F444[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e31;cj7c==!ahe%peh", "247E61393F236B25707875722A212C6E414F4[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e31;cj7fk;kg#8qkef)til", "247E61393F236B25737476742A212C6E4[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e31;cj:c=9?adhkk@(shk", "247E61393F236B25746F77712A212C6E41[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e31;cj<f86?=e>cg?amhjf-xmp", "247E61393F236B25707875792A212[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e31;cj=<>::j>$odg", "247E61393F236B25717171752A212C6E414F44[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e31;cj=j8jf\"mbe", "247E61393F236B25717871792A212C6E414F444[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e31;cjc<=fbj#ncf", "247E61393F236B25757677712A212C6E414F444[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e31;cjdfhh6\"mbe", "247E61393F236B256E7374792A212C6E414F444[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e31;cjeik4!la$=h", "247E61393F236B25767179722A212C6E414F444[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e31;cjeik4!lad", "247E61393F236B25767179732A212C6E414F444D3[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e31;cjgck:i\"mbe", "247E61393F236B256E7373742A212C6E414F444[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e31;cjhj>b?iodmakru*ujm", "247E61393F236B25717171792A212C6E[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e31;cji>k3?a#nc&?j", "247E61393F236B257677287E2A6C3F4D424B3[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e31;cji>k3?a#ncf", "247E61393F236B257678287E2A6C3F4D424B307[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e31;cji?ckmmo$odg", "247E61393F236B257373287E2A6C3F4D424B30[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347474[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215[...]
Deleted : user_pref("CT1060933.backendstorage./9b-0?3g>d", "6F3B706A6A7174727A477244482048494E7A257A52237D2A27[...]
Deleted : user_pref("CT1060933.backendstorage./9b-0?3g@6:5;", "");
Deleted : user_pref("CT1060933.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");
Deleted : user_pref("CT1060933.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332[...]
Deleted : user_pref("CT1060933.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
Deleted : user_pref("CT1060933.backendstorage./9b3=>@44i48?", "372C2D32697576334236334148477B213F3E484F4E4D464[...]
Deleted : user_pref("CT1060933.backendstorage./9b5ba==9cjag", "3A3E69413D7074727A72774546784B7A7A4E4F7A24");
Deleted : user_pref("CT1060933.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6F6F6B6D73727570707277");
Deleted : user_pref("CT1060933.backendstorage./9b9643g3/9e", "6A");
Deleted : user_pref("CT1060933.backendstorage./9b<:222h64<", "393F352F3E");
Deleted : user_pref("CT1060933.backendstorage./9b=+03eh8h8j?:", "4443");
Deleted : user_pref("CT1060933.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]
Deleted : user_pref("CT1060933.backendstorage./9b?b0d:8aj62<h", "6D");
Deleted : user_pref("CT1060933.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
Deleted : user_pref("CT1060933.backendstorage.autocompletepro_enable_auto", "31");
Deleted : user_pref("CT1060933.backendstorage.cb_experience_000", "343331");
Deleted : user_pref("CT1060933.backendstorage.cb_firstuse0100", "31");
Deleted : user_pref("CT1060933.backendstorage.cb_user_id_000", "43423436353139363536323032385F46697265666F78")[...]
Deleted : user_pref("CT1060933.backendstorage.cbcountry_000", "5553");
Deleted : user_pref("CT1060933.backendstorage.cbcountry_001", "5553");
Deleted : user_pref("CT1060933.backendstorage.cbfirsttime", "5765642044656320313420323031312030393A32323A34312[...]
Deleted : user_pref("CT1060933.backendstorage.printitgreenstatus", "74727565");
Deleted : user_pref("CT1060933.backendstorage.shoppingapp.gk.exipres", "5361742053657020303120323031322032333A[...]
Deleted : user_pref("CT1060933.backendstorage.shoppingapp.gk.geolocation", "756E6974656420737461746573");
Deleted : user_pref("CT1060933.backendstorage.url_history", "68747470733A2F2F70617970616C6D616E616765722E70617[...]
Deleted : user_pref("CT1060933.backendstorage.url_history0001", "687474703A2F2F717569636B656E2E696E747569742E6[...]
Deleted : user_pref("CT1060933.clientLogIsEnabled", true);
Deleted : user_pref("CT1060933.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT1060933.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT1060933.globalFirstTimeInfoLastCheckTime", "Wed Aug 22 2012 08:09:34 GMT-0400 (Eastern [...]
Deleted : user_pref("CT1060933.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT1060933.initDone", true);
Deleted : user_pref("CT1060933.isAppTrackingManagerOn", false);
Deleted : user_pref("CT1060933.isFirstRadioInstallation", false);
Deleted : user_pref("CT1060933.myStuffEnabled", true);
Deleted : user_pref("CT1060933.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT1060933.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT1060933.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT1060933.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT1060933.oldAppsList", "200,128346981843587669,128280995260143876,111,129272674122038321[...]
Deleted : user_pref("CT1060933.revertSettingsEnabled", false);
Deleted : user_pref("CT1060933.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT1060933.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT1060933.testingCtid", "");
Deleted : user_pref("CT1060933.toolbarAppMetaDataLastCheckTime", "Thu Aug 30 2012 09:38:42 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT1060933.toolbarContextMenuLastCheckTime", "Wed Aug 22 2012 08:09:33 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT1060933.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CT1060933.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1060933/CT1060933[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/15651/15317/US", "\"0\"");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1060933", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1060933",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT1060933&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT1060933/CT1060933[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equaliz[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimiz[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gi[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gi[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Deleted : user_pref("CommunityToolbar.EngineOwner", "");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{1392b8d2-5c05-419f-a8f6-b9f15a596612}");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "freecorder");
Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\Mark Hritz\\Applic[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.15.1.0");
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://www.applian.com/freecorder-gadget/loader.[...]
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT1060933");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{1392b8d2-5c05-419f-a8f6-b9f15a596612}");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "freecorder");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://us.yhs.search.yahoo.com/avg/searc[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT1060933");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT1060933");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Fri May 27 2011 13:34:35 GMT-04[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Aug 13 2011 09:45:41 GMT-0400 (Easte[...]
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Aug 13 2011 09:45:30 GMT-0400 (Eastern D[...]
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "{87b71d38-f7a5-484b-a6d8-2c1f38d982af}");
Deleted : user_pref("CommunityToolbar.globalUserId", "76632b9f-108f-499e-925f-d49c146dc10d");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.killedEngine", true);
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed Aug 29 2012 08:09:4[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Thu Aug 30 2012 09:39:29 GMT-040[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu Aug 30 2012 09:39:21 GMT-0400 (E[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "afb73e10-6d1c-4449-9479-3de9c55d93ca");
Deleted : user_pref("CommunityToolbar.undefined", "");
Deleted : user_pref("[email protected]", true);
Deleted : user_pref("extensions.snipit.chromeURL", "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10587&gct=&g[...]

-\\ Google Chrome v21.0.1180.83

File : C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [31770 octets] - [01/09/2012 08:52:06]
AdwCleaner[S1].txt - [31615 octets] - [02/09/2012 08:30:59]

########## EOF - C:\AdwCleaner[S1].txt - [31676 octets] ##########
  • 0

Advertisements

#17
blueheadsets
Posted 02 September 2012 - 07:11 AM

blueheadsets

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
OTL logfile created on: 9/2/2012 8:55:19 AM - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\Mark Hritz\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.73 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 71.09% Memory free
5.30 Gb Paging File | 4.46 Gb Available in Paging File | 84.21% Paging File free
Paging file location(s): C:\pagefile.sys 2791 4186 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 59.89 Gb Total Space | 21.32 Gb Free Space | 35.59% Space Free | Partition Type: NTFS
Drive E: | 93.11 Gb Total Space | 93.11 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive F: | 93.21 Gb Total Space | 93.21 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: MARK-OSX | User Name: Mark Hritz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/31 08:16:12 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark Hritz\Desktop\OTL.exe
PRC - [2012/08/24 07:01:40 | 007,533,992 | ---- | M] (TeamViewer GmbH) -- c:\Program Files\TeamViewer\Version7\TeamViewer.exe
PRC - [2012/08/24 07:01:40 | 002,735,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/08/24 07:01:40 | 002,282,920 | ---- | M] (TeamViewer GmbH) -- c:\Program Files\TeamViewer\Version7\TeamViewer_Desktop.exe
PRC - [2012/08/24 06:55:10 | 000,106,408 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\tv_w32.exe
PRC - [2012/08/17 18:28:57 | 001,229,848 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/07/13 07:15:56 | 000,037,152 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
PRC - [2012/07/13 07:15:56 | 000,036,640 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
PRC - [2012/07/13 06:57:41 | 000,140,064 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2012/07/12 10:56:20 | 000,136,616 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/07/12 10:55:48 | 000,374,184 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/05/04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012/04/27 12:12:45 | 006,065,784 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
PRC - [2012/03/26 17:24:06 | 000,354,768 | ---- | M] (Plantronics, Inc.) -- C:\Program Files\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe
PRC - [2012/03/26 17:13:10 | 000,624,080 | ---- | M] (Plantronics, Inc.) -- C:\Program Files\Plantronics\PlantronicsURE\PlantronicsURE.exe
PRC - [2011/12/12 11:03:40 | 000,290,832 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2011/10/16 19:41:31 | 000,201,976 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\sswat_hwrc_win_live\mattelhwrc_launcher.exe
PRC - [2010/11/08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/06/26 13:09:18 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Freecorder\FLVSrvc.exe
PRC - [2010/05/21 13:40:24 | 001,406,320 | ---- | M] (Flexera Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\agent.exe
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010/03/17 16:55:42 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Verizon\McciTrayApp.exe
PRC - [2010/03/04 13:00:56 | 000,025,704 | R--- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
PRC - [2009/11/15 01:40:46 | 000,427,296 | ---- | M] (Apple Inc.) -- C:\Program Files\Boot Camp\KbdMgr.exe
PRC - [2009/09/25 14:16:06 | 000,093,960 | ---- | M] (Sling Media Inc.) -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
PRC - [2009/09/16 17:33:46 | 000,972,064 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2009/09/16 16:22:08 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/09/12 15:19:16 | 000,099,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\system32\AppleTimeSrv.exe
PRC - [2008/09/12 15:19:14 | 000,136,496 | ---- | M] () -- C:\WINDOWS\system32\AppleOSSMgr.exe
PRC - [2008/09/12 15:09:57 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2008/08/11 13:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/05/02 03:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 03:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/16 12:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2006/06/22 14:15:48 | 000,462,848 | ---- | M] (Southwest Airlines) -- C:\Program Files\Southwest Airlines\Ding\Ding.exe
PRC - [2005/08/23 20:00:48 | 000,430,080 | ---- | M] (J. Eric Vaughan) -- C:\Program Files\Stay On Top\StayOnTop.exe
PRC - [2004/12/03 12:04:18 | 000,396,316 | ---- | M] (Naissan Innovations, LLC) -- C:\Program Files\AtomTime Pro\AtomTime.EXE


========== Modules (No Company Name) ==========

MOD - [2012/06/14 03:30:11 | 000,346,624 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PlantronicsURE\2e6ec167c4b5840a9664b469f5be76b9\PlantronicsURE.ni.exe
MOD - [2012/06/14 03:30:03 | 000,131,072 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PlantronicsBatteryS#\350c07431b81c483d0d5c4574e7dd89f\PlantronicsBatteryStatus.ni.exe
MOD - [2012/06/14 03:29:59 | 000,128,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Skype\388596826e6ffe5efd8189db15bdd847\Plantronics.UC.Skype.ni.dll
MOD - [2012/06/14 03:29:28 | 000,490,496 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.Globali#\4717fc29cf79104a64c399d51f002e2e\Plantronics.Globalization.ni.dll
MOD - [2012/06/14 03:29:22 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/06/14 03:29:19 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/14 03:29:07 | 000,516,608 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.Utility\48f8b0fa54af59727424fa578e625e0d\Plantronics.Utility.ni.dll
MOD - [2012/06/14 03:27:28 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/14 03:27:15 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/14 03:23:22 | 000,069,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2012/06/14 03:14:56 | 000,054,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Webe#\c2b202f755140fc35e817470178e5e8d\Plantronics.UC.WebexConnect.ni.dll
MOD - [2012/06/14 03:13:48 | 000,112,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.Device.#\6d8add850f05e4c0114eee5acf9e4692\Plantronics.Device.Hid.ni.dll
MOD - [2012/06/14 03:13:46 | 000,582,144 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.Device.#\3506e6ecfd990b0db4a6d03da0f02469\Plantronics.Device.Common.ni.dll
MOD - [2012/06/14 03:13:26 | 001,840,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e70343406253e43964f9fe1f42cfbd7c\System.Web.Services.ni.dll
MOD - [2012/05/13 03:29:51 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
MOD - [2012/05/13 03:29:15 | 000,220,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\bb26dd100d656605c576881a1a823667\CustomMarshalers.ni.dll
MOD - [2012/05/13 03:28:26 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Wind#\087dffb5022baf107cabf67fc160cea3\Plantronics.UC.WindowsMediaPlayer.ni.dll
MOD - [2012/05/13 03:28:18 | 000,018,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Shor#\d89fd09cf90ccd3c5f51459976fcfe18\Plantronics.UC.ShoreTel.ni.dll
MOD - [2012/05/13 03:28:15 | 000,112,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Sess#\b7d3a8d703c168ad2c75d38e5a779fc4\Plantronics.UC.SessionService.ni.dll
MOD - [2012/05/13 03:28:13 | 000,031,232 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Rest#\e367f351f2903b3a5232499595db52af\Plantronics.UC.Rest.JsonpExtension.ni.dll
MOD - [2012/05/13 03:27:14 | 001,706,496 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\97d635f5c656ae43d94b55e67fc4ab50\System.ServiceModel.Web.ni.dll
MOD - [2012/05/13 03:27:10 | 000,299,520 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Rest\39db94387b79144b635f4e914fa519dd\Plantronics.UC.Rest.ni.dll
MOD - [2012/05/13 03:27:05 | 000,155,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Offi#\fcdf2e64b52f861ead68166aafe1c732\Plantronics.UC.OfficeCommunicator.ni.dll
MOD - [2012/05/13 03:27:01 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.SP30SDKLib\4f6988a093db3c3d1403c2574a3f9f92\Interop.SP30SDKLib.ni.dll
MOD - [2012/05/13 03:27:00 | 000,065,024 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.NEC\dd78b6340b96ef4e359e0f8e6c6fd967\Plantronics.UC.NEC.ni.dll
MOD - [2012/05/13 03:26:57 | 000,039,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.iTun#\f2e50e34930ab574a710455b74a96278\Plantronics.UC.iTunes.ni.dll
MOD - [2012/05/13 03:26:48 | 001,070,080 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\e09496ddb2bf6f3b69707924f2e6b5ff\System.IdentityModel.ni.dll
MOD - [2012/05/13 03:26:45 | 002,345,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\505e12638acd6fdb22e1fd2d4c6fc232\System.Runtime.Serialization.ni.dll
MOD - [2012/05/13 03:26:41 | 000,256,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\660c4d6dd69ef22bc05587e1998cd135\SMDiagnostics.ni.dll
MOD - [2012/05/13 03:26:37 | 017,403,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\bc254d2fa26664898ae21d45643bc194\System.ServiceModel.ni.dll
MOD - [2012/05/13 03:26:10 | 000,735,232 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.CSFC#\d5574220d32e4d800e81ddba2737813b\Plantronics.UC.CSFClient.ni.dll
MOD - [2012/05/13 03:26:08 | 000,139,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.CSF\21f3ffe05cee04b1383bf8ed2bed5294\Plantronics.UC.CSF.ni.dll
MOD - [2012/05/13 03:26:04 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Cisco\e7c0f4c824348e5b0f88f2470e4d0b5d\Plantronics.UC.Cisco.ni.dll
MOD - [2012/05/13 03:26:02 | 000,015,872 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Avay#\5fd5d9e7e24beaa13283b982a5c175c9\Plantronics.UC.AvayaSoftphone.ni.dll
MOD - [2012/05/13 03:26:00 | 000,067,072 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.TAPI\901c5e284c4ec9dbe4a75c4674402d75\Plantronics.UC.TAPI.ni.dll
MOD - [2012/05/13 03:25:59 | 000,015,872 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Avay#\3fc9f9f9d816cc85def3e32e12c73410\Plantronics.UC.AvayaIPAgent.ni.dll
MOD - [2012/05/13 03:25:55 | 000,368,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Comm#\2590fd62f3e166474680b424af4d0220\Plantronics.UC.Common.ni.dll
MOD - [2012/05/13 03:25:53 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Avaya\2257d435dc1dcd01888577478ddd97f4\Plantronics.UC.Avaya.ni.dll
MOD - [2012/05/13 03:25:49 | 000,111,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.License#\c1d4ceabd2c641c102905e8ece1a2391\Plantronics.License.Manager.ni.dll
MOD - [2012/05/13 03:25:43 | 000,056,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.License#\b8aa36668909c37ed79559006d59b7af\Plantronics.License.Common.ni.dll
MOD - [2012/05/13 03:25:41 | 000,076,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.FlexNet#\37d21c41c9bce51ac956a4a4347d9c3a\Plantronics.FlexNet.Adapter.ni.dll
MOD - [2012/05/13 03:25:34 | 000,078,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Util#\5fa58996878ab9421e79758ffdb59ef8\Plantronics.UC.Utility.ni.dll
MOD - [2012/05/13 03:25:07 | 000,035,840 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Plantronics.Config\299815298c225dcf520401b8f95ffc83\Plantronics.Config.ni.dll
MOD - [2012/05/13 03:24:28 | 000,696,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\log4net\cb360d948d3a415eed4a9924b14c98e5\log4net.ni.dll
MOD - [2012/05/13 03:21:42 | 000,414,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.SKYPE4COMLib\472a3c289a92db348fa8f7779d14738d\Interop.SKYPE4COMLib.ni.dll
MOD - [2012/05/13 03:21:32 | 000,214,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.FNCClient11#\69e282a3bf754cf69500be1a4d8380ca\Interop.FNCClient11Lib.ni.dll
MOD - [2012/05/13 03:21:29 | 000,144,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.Communicato#\c23505b38b9959f90a8580dd9dc1218d\Interop.CommunicatorAPI.ni.dll
MOD - [2012/05/13 03:21:26 | 000,056,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.CiscoInterf#\1e39163c67bd28bc84e9b41c76a0e73c\Interop.CiscoInterface.ni.dll
MOD - [2012/05/13 03:20:38 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/13 03:20:34 | 000,440,832 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Atapi\ea18a74f1ed9daf4ffbf5ea32fd4f79f\Atapi.ni.dll
MOD - [2012/05/13 03:18:53 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/13 03:17:29 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\38d07a5ac34b99d94fd14f42e779f625\System.Core.ni.dll
MOD - [2012/05/13 03:15:40 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/13 03:15:18 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/16 19:41:31 | 000,201,976 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\sswat_hwrc_win_live\mattelhwrc_launcher.exe
MOD - [2010/03/04 13:01:02 | 000,097,384 | R--- | M] () -- C:\Program Files\Amazon\Amazon Unbox Video\LimelightDownloadManager.dll
MOD - [2009/08/08 21:55:01 | 000,507,904 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
MOD - [2008/09/12 15:19:14 | 000,136,496 | ---- | M] () -- C:\WINDOWS\system32\AppleOSSMgr.exe
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/07/16 12:58:10 | 000,197,408 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2001/07/31 11:17:12 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (STSService)
SRV - [2012/08/27 20:35:22 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/24 07:01:40 | 002,735,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/08/23 16:37:31 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/13 07:15:56 | 000,036,640 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe -- (PSUAService)
SRV - [2012/07/13 06:57:41 | 000,140,064 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2012/07/12 10:56:20 | 000,136,616 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/07/12 10:55:48 | 000,374,184 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/12/12 11:03:40 | 000,290,832 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2010/11/08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/04 13:00:56 | 000,025,704 | R--- | M] (Amazon.com) [Auto | Running] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2009/09/25 14:16:06 | 000,093,960 | ---- | M] (Sling Media Inc.) [Auto | Running] -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe -- (SlingAgentService)
SRV - [2009/09/16 16:22:08 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/09/12 15:19:16 | 000,099,632 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\WINDOWS\system32\AppleTimeSrv.exe -- (AppleTimeSrv)
SRV - [2008/09/12 15:19:14 | 000,136,496 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\AppleOSSMgr.exe -- (AppleOSSMgr)
SRV - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/07/16 12:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/05/24 07:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2003/10/22 11:19:22 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/07/13 07:02:48 | 000,120,616 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINProt.sys -- (PSINProt)
DRV - [2012/07/13 07:02:47 | 000,179,112 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PSINKNC.sys -- (PSINKNC)
DRV - [2012/07/13 07:02:47 | 000,114,728 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINProc.sys -- (PSINProc)
DRV - [2012/07/13 07:02:47 | 000,101,544 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINFile.sys -- (PSINFile)
DRV - [2012/07/13 07:02:46 | 000,149,032 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINAflt.sys -- (PSINAflt)
DRV - [2012/07/12 11:18:32 | 000,206,632 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSStrm.sys -- (NNSSTRM)
DRV - [2012/07/12 10:55:53 | 000,083,392 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/06/27 15:51:07 | 000,092,840 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNStlsc.sys -- (NNSTLSC)
DRV - [2012/06/27 15:51:06 | 000,286,376 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSProt.sys -- (NNSPROT)
DRV - [2012/06/27 15:51:06 | 000,153,000 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSPrv.sys -- (NNSPRV)
DRV - [2012/06/27 15:51:06 | 000,106,536 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSSmtp.sys -- (NNSSMTP)
DRV - [2012/06/27 15:51:05 | 000,104,104 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSPop3.sys -- (NNSPOP3)
DRV - [2012/06/27 15:51:05 | 000,051,496 | ---- | M] (Panda Security, S.L.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\NNSpihs.sys -- (NNSPIHS)
DRV - [2012/06/27 15:51:04 | 000,122,664 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSIds.sys -- (NNSIDS)
DRV - [2012/06/27 15:51:04 | 000,093,992 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSpicc.sys -- (NNSPICC)
DRV - [2012/06/27 15:51:03 | 000,120,744 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSHttp.sys -- (NNSHTTP)
DRV - [2012/06/27 15:51:03 | 000,082,472 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSAlpc.sys -- (NNSALPC)
DRV - [2012/03/26 19:42:10 | 000,121,080 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011/09/09 13:54:48 | 000,038,536 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NNSNAHS.sys -- (NNSNAHS)
DRV - [2011/03/10 18:04:57 | 000,046,280 | ---- | M] (Panda Security) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\PSKMAD.sys -- (PSKMAD)
DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/01/28 15:40:06 | 000,033,336 | ---- | M] (M2Tech) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vadspdif.sys -- (vadspdif)
DRV - [2009/11/15 01:40:46 | 000,005,760 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\KeyAgent.sys -- (KeyAgent)
DRV - [2009/10/16 09:36:53 | 000,029,696 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\applemtp.sys -- (applemtp)
DRV - [2009/10/16 09:36:53 | 000,010,496 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\applemtm.sys -- (applemtm)
DRV - [2009/10/16 09:36:50 | 000,023,552 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KeyMagic.sys -- (KeyMagic)
DRV - [2009/08/27 15:52:48 | 000,003,768 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SndTVideo.sys -- (SndTVideo)
DRV - [2009/08/27 15:52:44 | 000,023,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SndTAudio.sys -- (SndTAudio)
DRV - [2008/09/12 15:09:56 | 004,751,360 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/09/12 15:08:50 | 000,013,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/09/12 15:08:41 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/09/12 15:08:39 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/09/12 15:06:23 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/09/12 15:04:30 | 000,016,512 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IRFilter.sys -- (IRRemoteFlt)
DRV - [2008/09/12 15:03:30 | 000,006,784 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MacHALDriver.sys -- (MacHALDriver)
DRV - [2008/08/11 13:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 13:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/04/13 14:46:31 | 000,036,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bthprint.sys -- (BTHprint)
DRV - [2008/02/29 04:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/02/29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/07/19 09:35:20 | 000,028,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V-usbser.sys -- (usbser)
DRV - [2007/07/16 12:57:12 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/07/03 19:59:10 | 000,086,824 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2007/07/03 19:58:20 | 000,106,792 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 19:57:24 | 000,011,944 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 19:54:24 | 000,080,552 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2007/01/31 14:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/09/28 15:32:14 | 000,009,472 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pnetmdm.sys -- (pnetmdm)
DRV - [2006/06/13 06:20:00 | 000,094,460 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/06/13 06:20:00 | 000,088,476 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/06/13 06:20:00 | 000,086,844 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/06/13 06:20:00 | 000,025,724 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/06/13 06:20:00 | 000,014,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/06/13 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/06/13 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2006/03/17 09:35:24 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/03/17 09:34:46 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1343024091-789336058-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comodo.com/search/
IE - HKU\S-1-5-21-1343024091-789336058-725345543-1003\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
IE - HKU\S-1-5-21-1343024091-789336058-725345543-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1343024091-789336058-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1343024091-789336058-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: """
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {9EB34849-81D3-4841-939D-666D522B889A}:1.5.1.119
FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.11.2.1
FF - prefs.js..extensions.enabledItems: {70a9aa80-d283-4eae-8a87-ee7b769edf53}:1.0
FF - prefs.js..extensions.enabledItems: FFToolbar@upromise:7.0.2.4181
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.3.3.2
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - prefs.js..keyword.URL: "http://us.yhs.search...2-tb-web_us&p="
FF - prefs.js..network.proxy.http: ""
FF - prefs.js..network.proxy.http_port: ""
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.socks: ""
FF - prefs.js..network.proxy.socks_port: ""
FF - prefs.js..network.proxy.socks_remote_dns: ""
FF - prefs.js..network.proxy.ssl: ""
FF - prefs.js..network.proxy.ssl_port: ""
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Mark Hritz\Application Data\Move Networks\plugins\npqmp071502000008.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Mark Hritz\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Mark Hritz\Application Data\Move Networks\plugins\npqmp071502000008.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\mattelinc.com/HotWheelsLoader: C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\sswat_hwrc_win_live\npHotWheelsLoader.dll (Mattel, Inc)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/02 08:31:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/02 08:31:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/08/30 15:04:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Mark Hritz\Application Data\Move Networks [2010/02/25 10:55:17 | 000,000,000 | ---D | M]

[2010/02/15 02:24:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark Hritz\Application Data\Mozilla\Extensions
[2010/02/15 02:24:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark Hritz\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/09/02 08:31:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark Hritz\Application Data\Mozilla\Firefox\Profiles\pyglmphs.default\extensions
[2010/04/27 15:38:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mark Hritz\Application Data\Mozilla\Firefox\Profiles\pyglmphs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/04 03:16:27 | 000,000,000 | ---D | M] (Page Speed Closure Compiler Extension) -- C:\Documents and Settings\Mark Hritz\Application Data\Mozilla\Firefox\Profiles\pyglmphs.default\extensions\{70a9aa80-d283-4eae-8a87-ee7b769edf53}
[2012/07/05 14:39:57 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Documents and Settings\Mark Hritz\Application Data\Mozilla\Firefox\Profiles\pyglmphs.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
[2010/04/27 15:38:46 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\Mark Hritz\Application Data\Mozilla\Firefox\Profiles\pyglmphs.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2012/08/27 23:20:27 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Mark Hritz\Application Data\Mozilla\Firefox\Profiles\pyglmphs.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2012/05/27 15:25:42 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Mark Hritz\Application Data\Mozilla\Firefox\Profiles\pyglmphs.default\extensions\[email protected]
[2012/08/23 16:37:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/23 16:37:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/08/23 16:37:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012/08/30 20:13:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions
[2012/08/30 20:13:17 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\updated\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/08/30 20:13:38 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/08/30 20:13:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\distribution\extensions
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MARK HRITZ\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\PYGLMPHS.DEFAULT\EXTENSIONS\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
[2011/09/21 09:24:25 | 000,455,818 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MARK HRITZ\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\PYGLMPHS.DEFAULT\EXTENSIONS\[email protected]
[2012/03/24 11:50:19 | 001,184,804 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\MARK HRITZ\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\PYGLMPHS.DEFAULT\EXTENSIONS\[email protected]
[2012/08/23 16:37:35 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/07/28 12:07:36 | 000,069,632 | ---- | M] (UPS) -- C:\Program Files\mozilla firefox\plugins\NPEltr32.dll
[2012/07/21 10:43:28 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/21 10:43:28 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: UPS Thermal 2442 Printer Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPEltr32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\Mark Hritz\Application Data\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Mark Hritz\Application Data\Move Networks\plugins\npqmp071502000008.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: HotWheels Loader (Enabled) = C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\sswat_hwrc_win_live\npHotWheelsLoader.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Entanglement = C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: MightyText - Send/Receive SMS Text Messages = C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi\7.7_0\
CHR - Extension: Google Calendar = C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Games = C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fobcpibfeplaikcclojfdhfdmbbeofai\1.1_0\
CHR - Extension: Chrome Remote Desktop BETA = C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\1.6.1180.51_0\
CHR - Extension: Music = C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hgakehlldcacnfhjampnkihibmkgclhk\1.1_0\
CHR - Extension: Keep My Opt-Outs = C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.14_0\
CHR - Extension: Google Talk Launcher = C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icjglmbkgdgdgdigllcokdabceikdppi\1.0.6_0\
CHR - Extension: Twitter Notifier = C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ikknnkomiokeodcdkknnhgjmncfiefmn\4.1.1_0\
CHR - Extension: Calculator = C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdkgihpbaofhkiliohfepioflkkbapao\1.0.9_0\
CHR - Extension: Scratchpad = C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kjebfhglflhjjjiceimfkgicifkhjlnm\3.0.17_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0\
CHR - Extension: Gmail = C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/01 21:50:24 | 000,443,130 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15227 more lines...
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AtomTime] C:\Program Files\AtomTime Pro\AtomTime.EXE (Naissan Innovations, LLC)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PlantronicsBatteryStatus.exe] C:\Program Files\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe (Plantronics, Inc.)
O4 - HKLM..\Run: [PlantronicsURE.exe] C:\Program Files\Plantronics\PlantronicsURE\PlantronicsURE.exe (Plantronics, Inc.)
O4 - HKLM..\Run: [PSUAMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKU\S-1-5-21-1343024091-789336058-725345543-1003..\Run: [699D660B7DDCBEB8C5A6CACA73D2DF4CFFD1BE20._service_run] C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-1343024091-789336058-725345543-1003..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKU\S-1-5-21-1343024091-789336058-725345543-1003..\Run: [Mattel HWRC Launcher] C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\sswat_hwrc_win_live\mattelhwrc_launcher.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\Mark Hritz\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
O4 - Startup: C:\Documents and Settings\Mark Hritz\Start Menu\Programs\Startup\PC Sleep.lnk = C:\Documents and Settings\Mark Hritz\Application Data\Microsoft\Installer\{FBAFC5DB-5511-4150-91EC-995E9BB2D099}\_4ae13d6c.exe ()
O4 - Startup: C:\Documents and Settings\Mark Hritz\Start Menu\Programs\Startup\Stay On Top.lnk = C:\Documents and Settings\Mark Hritz\Application Data\Microsoft\Installer\{5C6C0192-BA75-4932-8931-B2FF88346E49}\_16dd6dc4.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1343024091-789336058-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1343024091-789336058-725345543-1003\..Trusted Domains: internet ([]about in Internet)
O15 - HKU\S-1-5-21-1343024091-789336058-725345543-1003\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1343024091-789336058-725345543-1003\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemywi...i Installer.cab (Support.com Configuration Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1229476777125 (MUWebControl Class)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace....ceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} http://plugin.slingb...SlingPlayer.cab (WebSlingPlayer)
O16 - DPF: {F4D10716-6F96-48E9-8A08-7E3AD71054AD} https://qbo.intuit.c...11/qboimax9.cab (QuickBooks Online Edition Import Utilities Class v9)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA964EDF-1DAC-47D6-B8D4-6694DCA78CE8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA964EDF-1DAC-47D6-B8D4-6694DCA78CE8}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E745A1FC-2A42-4461-AAFC-5100B3C8391D}: NameServer = 192.168.1.1,208.67.222.222
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logitech\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/17 01:18:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/09/02 08:49:34 | 010,651,696 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mark Hritz\Desktop\mbam-consumer.exe
[2012/09/02 08:41:41 | 000,046,280 | ---- | C] (Panda Security) -- C:\WINDOWS\System32\drivers\PSKMAD.sys
[2012/09/02 07:52:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/01 08:39:16 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mark Hritz\Desktop\tdsskiller.exe
[2012/08/31 08:21:24 | 001,973,368 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Mark Hritz\Desktop\avg_remover_stf_x86_2012_2125.exe
[2012/08/31 08:16:20 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mark Hritz\Desktop\OTL.exe
[2012/08/30 09:35:57 | 000,000,000 | ---D | C] -- C:\Envelope Manager
[2012/08/29 17:33:58 | 298,569,104 | ---- | C] (Intuit, Inc. ) -- C:\Documents and Settings\Mark Hritz\Desktop\QuickBooksPro2008.exe
[2012/08/29 17:33:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark Hritz\Application Data\Download Manager
[2012/08/29 13:27:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AnswerWorks 5.0
[2012/08/29 13:26:26 | 004,200,024 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\WINDOWS\System32\cdintf400.dll
[2012/08/29 13:26:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Quicken 2012
[2012/08/29 13:11:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark Hritz\Desktop\Quicken
[2012/08/29 13:08:08 | 101,538,008 | ---- | C] (Intuit Inc. ) -- C:\Documents and Settings\Mark Hritz\My Documents\Quicken_Deluxe_2012.exe
[2012/08/28 09:06:42 | 000,000,000 | ---D | C] -- C:\endicia bu
[2012/08/27 20:51:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark Hritz\Desktop\backup
[2012/08/23 16:37:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/08/22 18:25:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark Hritz\Desktop\Music
[2012/08/22 18:25:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark Hritz\Desktop\Files from work
[2012/08/22 18:12:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark Hritz\Desktop\misc files
[2012/08/22 08:12:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark Hritz\Start Menu\Programs\Google Chrome
[2012/08/03 09:38:41 | 018,376,624 | ---- | C] (Mooii) -- C:\Documents and Settings\Mark Hritz\Desktop\PhotoScape_V3.6.2.exe
[2010/10/06 00:41:57 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Mark Hritz\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012/09/02 08:48:49 | 001,376,768 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Desktop\RogueKiller.exe
[2012/09/02 08:43:40 | 000,002,351 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Start Menu\Programs\Startup\Stay On Top.lnk
[2012/09/02 08:43:38 | 000,002,355 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Start Menu\Programs\Startup\PC Sleep.lnk
[2012/09/02 08:42:41 | 000,190,797 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/09/02 08:42:09 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/02 08:38:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/02 08:32:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/09/02 08:26:51 | 010,651,696 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mark Hritz\Desktop\mbam-consumer.exe
[2012/09/02 08:21:02 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-789336058-725345543-1003UA.job
[2012/09/02 08:21:00 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-789336058-725345543-1003Core.job
[2012/09/01 08:49:30 | 000,511,265 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Desktop\adwcleaner.exe
[2012/09/01 08:38:34 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mark Hritz\Desktop\tdsskiller.exe
[2012/08/31 08:28:46 | 000,182,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/31 08:21:13 | 001,973,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Mark Hritz\Desktop\avg_remover_stf_x86_2012_2125.exe
[2012/08/31 08:16:12 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark Hritz\Desktop\OTL.exe
[2012/08/30 22:38:15 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Desktop\MBR.dat
[2012/08/30 22:10:00 | 000,011,385 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\gsview32.ini
[2012/08/30 22:08:57 | 000,011,998 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Desktop\102-2144650-6802617.pdf
[2012/08/30 16:12:52 | 000,702,933 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Desktop\Label-240879312-361497992.pdf
[2012/08/30 15:04:49 | 000,001,694 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/08/30 15:04:48 | 000,001,676 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk
[2012/08/30 14:18:29 | 000,002,117 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2012/08/30 14:18:29 | 000,001,844 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickBooks Pro 2008.lnk
[2012/08/30 11:37:52 | 000,000,776 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Desktop\orders.rtf
[2012/08/30 08:56:42 | 000,000,446 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Desktop\qbregistration.dat
[2012/08/29 17:49:11 | 000,000,396 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Desktop\alphanet.qbw.nd
[2012/08/29 17:34:49 | 298,569,104 | ---- | M] (Intuit, Inc. ) -- C:\Documents and Settings\Mark Hritz\Desktop\QuickBooksPro2008.exe
[2012/08/29 17:31:30 | 000,559,800 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Desktop\Setup_QuickBooksPro2008.exe
[2012/08/29 13:26:19 | 000,001,577 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Quicken Deluxe 2012.lnk
[2012/08/29 13:26:10 | 000,000,165 | ---- | M] () -- C:\WINDOWS\Quicken.ini
[2012/08/29 13:08:25 | 101,538,008 | ---- | M] (Intuit Inc. ) -- C:\Documents and Settings\Mark Hritz\My Documents\Quicken_Deluxe_2012.exe
[2012/08/28 11:44:40 | 000,012,364 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Desktop\FAX_20120828_1346166317_4.efx
[2012/08/28 10:13:12 | 000,049,404 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Desktop\waffle_vodka.jpg
[2012/08/28 09:12:10 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DYMO Printable Postage.lnk
[2012/08/27 20:35:21 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/08/27 20:35:20 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/08/27 19:31:09 | 113,967,104 | R--- | M] () -- C:\Documents and Settings\Mark Hritz\Desktop\alphanet.qbw
[2012/08/27 08:24:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/08/23 21:55:14 | 000,001,852 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Desktop\Firefox Recovery Key.html
[2012/08/23 10:34:48 | 000,189,257 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Desktop\screenshot.jpg
[2012/08/23 10:34:23 | 000,015,360 | -H-- | M] () -- C:\Documents and Settings\Mark Hritz\Desktop\photothumb.db
[2012/08/22 10:16:04 | 000,058,526 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Desktop\2012-32.pdf
[2012/08/22 10:14:01 | 000,007,572 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\PamFax.pdf
[2012/08/22 08:13:03 | 000,002,331 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Desktop\Google Chrome.lnk
[2012/08/22 08:13:03 | 000,002,309 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/21 22:47:20 | 000,000,437 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\My Documents\shipping label template.rtf
[2012/08/21 10:19:15 | 000,037,510 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Desktop\EMS 8-25.PDF
[2012/08/17 13:01:20 | 000,137,391 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\My Documents\fax page
[2012/08/16 12:04:14 | 000,037,248 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Desktop\EXPRESS 8-18.PDF
[2012/08/14 22:03:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/03 09:42:20 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Application Data\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk
[2012/08/03 09:42:20 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\Mark Hritz\Desktop\PhotoScape.lnk
[2012/08/03 09:38:50 | 018,376,624 | ---- | M] (Mooii) -- C:\Documents and Settings\Mark Hritz\Desktop\PhotoScape_V3.6.2.exe

========== Files Created - No Company Name ==========

[2012/09/02 08:52:47 | 001,376,768 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\Desktop\RogueKiller.exe
[2012/09/01 08:51:14 | 000,511,265 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\Desktop\adwcleaner.exe
[2012/08/30 22:08:56 | 000,011,998 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\Desktop\102-2144650-6802617.pdf
[2012/08/30 21:55:56 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\Desktop\MBR.dat
[2012/08/30 16:12:49 | 000,702,933 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\Desktop\Label-240879312-361497992.pdf
[2012/08/30 14:24:12 | 000,062,752 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\Desktop\qbmapilibrary.dll
[2012/08/30 11:37:50 | 000,000,776 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\Desktop\orders.rtf
[2012/08/30 09:27:38 | 000,001,844 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickBooks Pro 2008.lnk
[2012/08/30 08:56:42 | 000,000,446 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\Desktop\qbregistration.dat
[2012/08/29 17:36:13 | 000,000,396 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\Desktop\alphanet.qbw.nd
[2012/08/29 17:36:12 | 113,967,104 | R--- | C] () -- C:\Documents and Settings\Mark Hritz\Desktop\alphanet.qbw
[2012/08/29 17:33:16 | 000,559,800 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\Desktop\Setup_QuickBooksPro2008.exe
[2012/08/29 13:26:19 | 000,001,577 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Quicken Deluxe 2012.lnk
[2012/08/28 11:44:43 | 000,012,364 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\Desktop\FAX_20120828_1346166317_4.efx
[2012/08/28 10:13:16 | 000,049,404 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\Desktop\waffle_vodka.jpg
[2012/08/28 09:12:10 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DYMO Printable Postage.lnk
[2012/08/23 21:55:03 | 000,001,852 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\Desktop\Firefox Recovery Key.html
[2012/08/23 10:34:48 | 000,189,257 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\Desktop\screenshot.jpg
[2012/08/22 18:25:02 | 000,052,304 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\Desktop\ups forms.efx
[2012/08/22 10:16:03 | 000,058,526 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\Desktop\2012-32.pdf
[2012/08/22 08:13:03 | 000,002,331 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\Desktop\Google Chrome.lnk
[2012/08/22 08:13:03 | 000,002,309 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/22 08:11:33 | 000,000,998 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-789336058-725345543-1003UA.job
[2012/08/22 08:11:31 | 000,000,946 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-789336058-725345543-1003Core.job
[2012/08/21 10:19:14 | 000,037,510 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\Desktop\EMS 8-25.PDF
[2012/08/17 13:01:20 | 000,137,391 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\My Documents\fax page
[2012/08/16 12:04:11 | 000,037,248 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\Desktop\EXPRESS 8-18.PDF
[2012/07/27 10:07:11 | 000,007,572 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\PamFax.pdf
[2012/06/04 14:42:59 | 000,021,682 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\info
[2012/05/07 10:29:03 | 000,023,966 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\email
[2012/02/14 19:28:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/08/11 10:18:41 | 000,142,359 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\102-0229827-3240243
[2011/05/11 12:01:24 | 000,006,272 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\NanoRepository.bin
[2011/04/20 14:23:09 | 000,020,836 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\details
[2011/04/12 18:28:25 | 000,000,227 | ---- | C] () -- C:\WINDOWS\DAZZLE.INI
[2011/02/01 15:59:36 | 000,103,016 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\fedex.com
[2010/10/06 00:41:57 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\Application Data\inst.exe
[2010/10/06 00:41:57 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\Application Data\pcouffin.cat
[2010/10/06 00:41:57 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\Application Data\pcouffin.inf
[2010/10/05 16:47:30 | 000,000,125 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/05/22 01:11:23 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\.recently-used.xbel
[2010/01/05 08:51:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\prvlcl.dat
[2009/02/25 01:56:20 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\Application Data\$_hpcst$.hpc
[2009/01/12 12:39:21 | 000,011,385 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\gsview32.ini
[2009/01/08 03:07:23 | 000,073,728 | ---- | C] () -- C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2010/03/06 19:35:51 | 001,084,873 | ---- | M] (non) -- C:\AAGPS Driver-Windows.exe
[2010/03/06 19:35:53 | 000,286,720 | ---- | M] () -- C:\AAGPS Update 34_5.exe

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: QMGR.DLL >
[2004/08/04 08:00:00 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll
[2008/04/13 20:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/13 20:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
[2008/04/13 20:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll
[2004/08/04 08:00:00 | 000,382,464 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Documents and Settings\Mark Hritz\Local Settings\Temp\qmgr.dll

< MD5 for: SERVICES >
[2004/08/04 08:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.CFG >
[2012/07/27 16:51:34 | 000,586,083 | ---- | M] () MD5=6DE4EA437EC1FE6DB27CADB0A7EA8DC2 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.CSS >
[2005/06/29 14:48:58 | 000,014,339 | ---- | M] () MD5=9D415BDEF74ADF7B0CD791E40A911A38 -- C:\Program Files\Intuit\QuickBooks 2008\Components\Services\services.css
[2012/04/18 18:06:44 | 000,000,093 | ---- | M] () MD5=F15FB82C578490B209442B8C1D5076CC -- C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Services\Services.css

< MD5 for: SERVICES.EXE >
[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 08:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SERVICES.HTML >
[2008/04/16 12:29:04 | 000,004,166 | ---- | M] () MD5=DB0CABD236311DDEB186C9B8A13F39A6 -- C:\Program Files\BillP Studios\WinPatrol\services.html

< MD5 for: SERVICES.INI >
[2012/04/18 18:06:44 | 000,000,012 | ---- | M] () MD5=810C4D394B59FF7116A0CD6052286C41 -- C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\Localweb\Services\Services.ini

< MD5 for: SERVICES.LNK >
[2008/12/17 01:19:06 | 000,001,602 | ---- | M] () MD5=3F489F178343080741F81CEF9F648F3A -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2004/08/04 08:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SERVICES.SBS >
[2011/03/01 09:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2004/08/04 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 08:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 08:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s >
"Type" = 32
"Start" = 3
"ErrorControl" = 1
"ImagePath" = %SystemRoot%\system32\svchost.exe -k netsvcs -- [2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation)
"DisplayName" = Background Intelligent Transfer Service
"DependOnService" = Rpcss [binary data] -- [2009/02/09 08:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation)
"DependOnGroup" = [binary data]
"ObjectName" = LocalSystem
"Description" = Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
"FailureActions" = 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 68 E3 0C 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters]
"ServiceDll" = C:\WINDOWS\system32\qmgr.dll -- [2008/04/13 20:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Enum]
"0" = Root\LEGACY_BITS\0000
"Count" = 1
"NextInstance" = 1

< HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s >

< %systemdrive%\$Recycle.Bin|@;true;true;true >

< C:\Program Files\Common Files\ComObjects\*.* /s >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: Hitachi HTS543232L9SA02
Partitions: 4
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Fixed\thard disk media
Interface type: 1394
Media Type: Fixed\thard disk media
Model: LaCie d2 quadra IEEE 1394 SBP2 Device
Partitions: 4
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 0.00GB
Starting Offset: 512
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 237.00GB
Starting Offset: 209735680
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 1.00GB
Starting Offset: 255111311360
Hidden sectors: 0


DeviceID: Disk #0, Partition #3
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 60.00GB
Starting Offset: 255761317888
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 0.00GB
Starting Offset: 512
Hidden sectors: 0


DeviceID: Disk #1, Partition #1
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 93.00GB
Starting Offset: 210763776
Hidden sectors: 0


DeviceID: Disk #1, Partition #2
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 93.00GB
Starting Offset: 100210311168
Hidden sectors: 0


DeviceID: Disk #1, Partition #3
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 279.00GB
Starting Offset: 200317861888
Hidden sectors: 0


< type c:\diskreport.txt /c >
Microsoft DiskPart version 5.1.3565
Copyright © 1999-2003 Microsoft Corporation.
On computer: MARK-OSX
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 D DVD-ROM 0 B
Volume 1 C BOOTCAMP NTFS Partition 60 GB Healthy Boot
Volume 2 E LACIE_WIN_1 FAT32 Partition 93 GB Healthy
Volume 3 F LACIE_WIN_2 FAT32 Partition 93 GB Healthy

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
  • 0

#18
blueheadsets
Posted 02 September 2012 - 07:14 AM

blueheadsets

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
OTL Extras logfile created on: 9/2/2012 8:55:19 AM - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\Mark Hritz\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.73 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 71.09% Memory free
5.30 Gb Paging File | 4.46 Gb Available in Paging File | 84.21% Paging File free
Paging file location(s): C:\pagefile.sys 2791 4186 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 59.89 Gb Total Space | 21.32 Gb Free Space | 35.59% Space Free | Partition Type: NTFS
Drive E: | 93.11 Gb Total Space | 93.11 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive F: | 93.21 Gb Total Space | 93.21 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: MARK-OSX | User Name: Mark Hritz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1343024091-789336058-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.PBAFOCWMTSFP456Y35L6LR6UWE] -- C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"50000:UDP" = 50000:UDP:*:Enabled:IHA_MessageCenter

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager -- (iAnywhere Solutions, Inc.)
"C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe" = C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Enabled:javaw -- ()
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe" = C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird -- (Mozilla Corporation)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
"C:\Program Files\PdaNet for Windows Mobile\PdaNetPC.exe" = C:\Program Files\PdaNet for Windows Mobile\PdaNetPC.exe:*:Enabled:PdaNetPC
"C:\Program Files\Vidalia Bundle\Tor\tor.exe" = C:\Program Files\Vidalia Bundle\Tor\tor.exe:*:Enabled:tor
"C:\Program Files\Sling Media\SlingPlayer\SlingPlayer.exe" = C:\Program Files\Sling Media\SlingPlayer\SlingPlayer.exe:*:Enabled:SlingPlayer -- (Sling Media Inc.)
"C:\Program Files\Pidgin\pidgin.exe" = C:\Program Files\Pidgin\pidgin.exe:*:Enabled:Pidgin -- (The Pidgin developer community)
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Client


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}" = Quicken 2012
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic UDF Reader
"{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}" = Cisco Systems VPN Client 5.0.01.0600
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A8F7860-F5C6-48FE-8F0E-5CB113A40B13}" = Tracer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{26E76762-7F20-4694-AD06-CC3A9B547A71}" = Microsoft Office Live Meeting 2007
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{302A1E2E-DD58-4673-BC99-9CC10EC2637A}" = WinPatrol
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5C6C0192-BA75-4932-8931-B2FF88346E49}" = Stay On Top
"{5CE74A57-75E8-43A9-9BAA-CB97A1A23043}" = Panda Cloud Antivirus
"{6432B21C-CA95-46CA-87D4-178CC2E58F84}_is1" = PamFax
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}" = Vz In Home Agent
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78F0F54C-6197-9D25-0D93-AF2FB79C6A31}" = Linn Download Manager
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F04B272-E0DD-47E7-8B55-D97483DB0EBD}" = hp LaserJet 1160/1320 series
"{84031A18-BA9A-4156-A74F-E05B52DDFCE2}" = DING!
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8ECB8220-F422-4BEB-9596-97033C533702}" = QuickBooks Pro 2008
"{90932C65-D68E-4257-AEE8-EBBFC36AC601}" = KENWOOD Music Editor Light
"{90B5E602-1867-449D-86FD-FC9DEA4434BF}" = HP Software Update
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A595CC0D-F39E-4A66-B057-B0DBE9BAD757}" = Calisto DFU Driver (x86)
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4C95F28-A6B0-4F27-8B65-D159225B87F6}" = Wi-Fi Connect
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BB2F9840-531D-4C8E-9F19-A101ECD9ABC0}" = UPS Thermal Printer Plugin - Version 8.10
"{BE2DDF55-4C42-44CC-A56E-C8E4A65CB2FF}" = IHA_MessageCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Anniversary Edition
"{DF6DA606-904D-4C18-823F-A4CFC3035E53}" = eFax Messenger
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{E338AFA2-6923-4B30-97C2-F6E60EFD1081}" = Plantronics Spokes Software
"{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0E45628-1218-4865-A516-8E8A54272ADC}" = Boot Camp Services
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{FBAFC5DB-5511-4150-91EC-995E9BB2D099}" = PC Sleep 2.1
"07AFE62D73C8799E9E5689F86FB9F48389717BA3" = Windows Driver Package - Plantronics, Inc. (usbser.nt) Ports (04/21/2009 5.1)
"18BB9B0552BA675902E31409A34F929D9C9AD56C" = Windows Driver Package - Intel (e1express) Net (04/03/2006 9.3.39.0)
"3F930CC3EE841B82D6D463716B5F67BD240BBD46" = Windows Driver Package - Apple Inc. Apple Wireless Mouse (09/17/2009 3.0.0.5)
"4D00971668041EDAD7097C5827D1739F03B9E5D7" = Windows Driver Package - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0)
"5F8BE32FAE3D6BC77B512F7B0624D7B6C8A26EFB" = Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)
"67EB5CEF2A8C9A4153D3EBDCD5607B9796F7AD3D" = Windows Driver Package - Apple Inc. Apple Multitouch (12/04/2008 2.1.2.100)
"695F4B9353FEE9320C20D297713F8828693D8AF3" = Windows Driver Package - Apple Inc. Apple Multitouch Mouse (03/25/2009 2.1.2.112)
"6AB59209597E0F6B986EC8E976521FDF0A696C9D" = Windows Driver Package - Marvell (yukonwxp) Net (03/23/2007 10.12.7.3)
"6B401A4481C0B1B07B5D7425378A5C00FF7D75DE" = Windows Driver Package - Apple Inc. Apple Multitouch Mouse (09/10/2009 3.0.0.0)
"7-Zip" = 7-Zip 4.65
"80087CDF19A4CE2FBB535E7DC99A0E50FFA25589" = Windows Driver Package - Intel (E1000) Net (01/06/2006 8.6.17.0)
"8262228CD4A5E4AAF3C55B3196FEA46E66F48B99" = Windows Driver Package - Apple Inc. Apple Multitouch Mouse (12/04/2008 2.1.2.100)
"82BE89CA9B7493FA05D2D4D32B415CF07EA08B47" = Windows Driver Package - Intel System (07/20/2007 1.2.76.0)
"845BCE57FD1EE6BD21926EE98DFE247DC941211A" = Windows Driver Package - M2Tech (vadspdif) MEDIA (01/28/2010 1.0.3.140)
"87669768B0BCCAA9F8AECD401BA4233A85BE181C" = Windows Driver Package - Broadcom (BCM43XX) Net (03/21/2008 4.170.77.3)
"8BBE3DC2B1A38488ADAF1D96E1296F4F88B7F69C" = Windows Driver Package - CirrusLogic (HdAudAddService) MEDIA (09/15/2009 1.0.0.26)
"8D5DC06C9163DD58555F626F30703DA7B27EB8EB" = Windows Driver Package - Apple Inc. Apple Multitouch (03/25/2009 2.1.2.112)
"9324ED54E32F5399037F87E076CA01C6CEB92830" = Windows Driver Package - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)
"984ACA88D282310838AF29D5199CDF43AE388FD6" = Windows Driver Package - Apple Inc. Apple Multitouch (09/02/2008 2.1.1.9)
"992615C0D0002C27AA3BB336C66D1E7764047A51" = Windows Driver Package - Apple Inc. Apple Trackpad (10/09/2007 2.0.1.5)
"A5C01BFF56C237567F15CEF109611AE653AA118B" = Windows Driver Package - Apple Inc. Apple Multitouch Mouse (09/02/2008 2.1.1.9)
"AD3493E108434977125BBF78F47699626F8AF64B" = Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (01/11/2008 3.4.3.18)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIM_7" = AIM 7
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"AnyDVD" = AnyDVD
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"AtomTime Pro_is1" = AtomTime Pro 3.1d
"AudibleManager" = AudibleManager
"C5D9C9B48779BE5EB9696772045E4640741CD044" = Windows Driver Package - Apple Inc. (applebt) Bluetooth (05/30/2008 2.1.1.0)
"CCleaner" = CCleaner
"CD6212024668E03491C257CA53617893F2E8E924" = Windows Driver Package - Apple Inc. Apple Multitouch (09/10/2009 3.0.0.0)
"CE031DF97C704035E8B6E570362ABD337ACA4BA5" = Windows Driver Package - Atheros (AR5211) Net (04/05/2007 5.3.0.35)
"CloneDVD2" = CloneDVD2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.linnrecords.DownloadManager.40C89B3FC753A97A186C409C1D89AC73BA0FCCBF.1" = Linn Download Manager
"D1E46C4F35C591B14E31349A9EDA8227C5F0E966" = Windows Driver Package - Apple Inc. Apple Trackpad Enabler (10/09/2007 2.0.1.5)
"D3BCC671821E117ACD653C1AA146540791143F25" = Windows Driver Package - Apple Inc. Apple Display (12/19/2007 2.0.2.0)
"D66D0ACEFE4E32CCDF30362ACBB3EAEFB97E9FDE" = Windows Driver Package - Atheros (AR5416) Net (06/26/2007 6.0.3.94)
"D9EFDADB2FBDCD0488D823F90CA5FC940F84F2BB" = Windows Driver Package - Apple Inc. Apple Keyboard (06/18/2008 2.1.1.1)
"DAZzle" = DAZzle
"Defraggler" = Defraggler (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Shrink_is1" = DVD Shrink 3.2
"Endicia Professional" = Endicia Professional
"F24CB85E5983448F6319803791DEACED91E6565B" = Windows Driver Package - Apple Inc. System (08/22/2008 2.1.1.1)
"F2AE684ADF164A03D9FFABF28F04DDE05ED67BC5" = Windows Driver Package - Apple Inc. Apple Keyboard (04/06/2009 3.0.0.0)
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"foobar2000" = foobar2000 v1.1
"Freecorder4.01" = Freecorder 4.01 Application
"GNU Aspell_is1" = GNU Aspell 0.50-3
"Google Desktop" = Google Desktop
"GPL Ghostscript 8.64" = GPL Ghostscript 8.64
"GSview 4.9" = GSview 4.9
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"ImTOO Windows Mobile Ringtone Maker" = ImTOO Windows Mobile Ringtone Maker
"InstallShield_{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 15.0 (x86 en-US)" = Mozilla Firefox 15.0 (x86 en-US)
"Mozilla Thunderbird 15.0 (x86 en-US)" = Mozilla Thunderbird 15.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Panda Universal Agent Endpoint" = Panda Cloud Antivirus
"PhotoScape" = PhotoScape
"Pidgin" = Pidgin
"Printable Postage.exe" = DYMO Printable Postage
"Revo Uninstaller" = Revo Uninstaller 1.91
"SpywareBlaster_is1" = SpywareBlaster 4.6
"SysInfo" = Creative System Information
"TeamViewer 7" = TeamViewer 7
"Verizon FiOS Activation_is1" = Verizon FiOS Activation
"Verizon Help and Support" = Verizon Help and Support Tool
"VLC media player" = VLC media player 1.0.1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebSlingPlayer ActiveX" = WebSlingPlayer ActiveX
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPatrol" = WinPatrol 2009
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1343024091-789336058-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 5.1.0.880
"Move Media Player" = Move Media Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/30/2012 2:24:51 PM | Computer Name = MARK-OSX | Source = QuickBooks | ID = 4
Description =

Error - 8/30/2012 2:24:51 PM | Computer Name = MARK-OSX | Source = QuickBooks | ID = 4
Description =

Error - 8/30/2012 2:24:51 PM | Computer Name = MARK-OSX | Source = QuickBooks | ID = 4
Description =

Error - 8/30/2012 2:25:13 PM | Computer Name = MARK-OSX | Source = QuickBooks | ID = 4
Description =

Error - 8/30/2012 2:25:13 PM | Computer Name = MARK-OSX | Source = QuickBooks | ID = 4
Description =

Error - 8/30/2012 2:25:13 PM | Computer Name = MARK-OSX | Source = QuickBooks | ID = 4
Description =

Error - 8/30/2012 2:32:03 PM | Computer Name = MARK-OSX | Source = Application Error | ID = 1000
Description = Faulting application thunderbird.exe, version 15.0.0.4619, faulting
module msvcr100.dll, version 10.0.30319.1, fault address 0x0008ae6e.

Error - 8/30/2012 2:40:43 PM | Computer Name = MARK-OSX | Source = Application Error | ID = 1000
Description = Faulting application thunderbird.exe, version 15.0.0.4619, faulting
module msvcr100.dll, version 10.0.30319.1, fault address 0x0008ae6e.

Error - 8/30/2012 3:03:45 PM | Computer Name = MARK-OSX | Source = Application Error | ID = 1000
Description = Faulting application thunderbird.exe, version 15.0.0.4619, faulting
module msvcr100.dll, version 10.0.30319.1, fault address 0x0008ae6e.

Error - 9/2/2012 8:54:30 AM | Computer Name = MARK-OSX | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.59.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 9/2/2012 7:53:06 AM | Computer Name = MARK-OSX | Source = Service Control Manager | ID = 7031
Description = The Panda Product Service service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.

Error - 9/2/2012 7:53:06 AM | Computer Name = MARK-OSX | Source = Service Control Manager | ID = 7034
Description = The QBCFMonitorService service terminated unexpectedly. It has done
this 1 time(s).

Error - 9/2/2012 7:53:06 AM | Computer Name = MARK-OSX | Source = Service Control Manager | ID = 7031
Description = The SlingAgentService service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 100000 milliseconds:
Restart the service.

Error - 9/2/2012 7:53:06 AM | Computer Name = MARK-OSX | Source = Service Control Manager | ID = 7031
Description = The TeamViewer 7 service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 2000 milliseconds:
Restart the service.

Error - 9/2/2012 7:53:06 AM | Computer Name = MARK-OSX | Source = Service Control Manager | ID = 7034
Description = The Amazon Unbox Video Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 9/2/2012 7:53:11 AM | Computer Name = MARK-OSX | Source = Service Control Manager | ID = 7031
Description = The Panda Cloud Antivirus Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
0 milliseconds: Restart the service.

Error - 9/2/2012 8:02:49 AM | Computer Name = MARK-OSX | Source = ACPI | ID = 327690
Description = ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation
Region (0x41c), Please contact your system vendor for technical assistance.

Error - 9/2/2012 8:07:21 AM | Computer Name = MARK-OSX | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASKUTIL

Error - 9/2/2012 8:38:46 AM | Computer Name = MARK-OSX | Source = ACPI | ID = 327690
Description = ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation
Region (0x41c), Please contact your system vendor for technical assistance.

Error - 9/2/2012 8:43:18 AM | Computer Name = MARK-OSX | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASKUTIL


< End of report >
  • 0

#19
blueheadsets
Posted 02 September 2012 - 07:17 AM

blueheadsets

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Mark Hritz [Admin rights]
Mode : Scan -- Date : 09/02/2012 09:16:28

¤¤¤ Bad processes : 8 ¤¤¤
[SUSP PATH][DLL] explorer.exe -- C:\WINDOWS\explorer.exe : C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll -> UNLOADED
[SUSP PATH][DLL] rundll32.exe -- C:\WINDOWS\system32\rundll32.exe : -> KILLED [TermProc]
[SUSP PATH][DLL] rundll32.exe -- C:\WINDOWS\system32\rundll32.exe : -> KILLED [TermProc]
[SUSP PATH] mattelhwrc_launcher.exe -- C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\sswat_hwrc_win_live\mattelhwrc_launcher.exe -> KILLED [TermProc]
[SUSP PATH] agent.exe -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\agent.exe -> KILLED [TermProc]
[SUSP PATH][DLL] explorer.exe -- C:\WINDOWS\explorer.exe : C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll -> UNLOADED
[SUSP PATH][DLL] explorer.exe -- C:\WINDOWS\explorer.exe : C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll -> UNLOADED

¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Mattel HWRC Launcher (C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\sswat_hwrc_win_live\mattelhwrc_launcher.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1343024091-789336058-725345543-1003[...]\Run : Mattel HWRC Launcher (C:\Documents and Settings\Mark Hritz\Local Settings\Application Data\sswat_hwrc_win_live\mattelhwrc_launcher.exe) -> FOUND
[STARTUP][SUSP PATH] PC Sleep.lnk @Mark Hritz : C:\Documents and Settings\Mark Hritz\Application Data\Microsoft\Installer\{FBAFC5DB-5511-4150-91EC-995E9BB2D099}\_4ae13d6c.exe -> FOUND
[STARTUP][SUSP PATH] Stay On Top.lnk @Mark Hritz : C:\Documents and Settings\Mark Hritz\Application Data\Microsoft\Installer\{5C6C0192-BA75-4932-8931-B2FF88346E49}\_16dd6dc4.exe -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS543232L9SA02 +++++
--- User ---
[MBR] 642acaaf6d9108d277eca028e0127117
[BSP] 2142246f893f4aa76b69f8a805f2d870 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 200 Mo
1 - [XXXXXX] UNKNOWN (0xaf) [VISIBLE] Offset (sectors): 409640 | Size: 243093 Mo
2 - [XXXXXX] MACOSX-BT (0xab) [VISIBLE] Offset (sectors): 498264280 | Size: 619 Mo
3 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 499533824 | Size: 61332 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: LaCie d2 quadra IEEE 1394 SBP2 Device +++++
--- User ---
[MBR] 6218c60d896c3ada68de7d97dd2299d1
[BSP] 5bb2a56d8169051f9a5953bcacedfbd0 : MBR Code unknown
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 200 Mo
1 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 411648 | Size: 95367 Mo
2 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 195723264 | Size: 95470 Mo
3 - [XXXXXX] UNKNOWN (0xaf) [VISIBLE] Offset (sectors): 391245824 | Size: 285774 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt
  • 0

#20
blueheadsets
Posted 02 September 2012 - 07:17 AM

blueheadsets

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Hi,

Computer seems to be running OK but I haven't really done much other than what you've had me working on here. should I try to delete the remaining SuperAntiSpyware file folder?

Thanks,

Mark
  • 0

#21
godawgs
Posted 02 September 2012 - 08:17 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi,

Yes. The OTL fix shows that the service was deleted and the file was deleted so just delete the folder.

The logs look good. The last scans didn't show any evidence of the new zero access rootkit :thumbsup:. Let's scan for malware remnants and get a security check and if everything id OK we'll be ready to wrap up.


Step-1.

Posted ImageMalwarebytes' Anti-Malware

Please open MalwareBytes. To do that double click the MalwareBytes icon on the desktop or click the Start button, highlight All Programs click the MalwareBytes folder and double click MalwareBytes Anti Malware. You will now be at the main program as shown below.

Posted Image
  • Click the Update tab and update the program.
  • Click the Scanner tab, make sure the the Perform full scan option is selected and then click on the Scan button to start scanning your computer.
  • MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.

    Posted Image
  • When the scan is finished a message box will appear as shown in the image below.

    Posted Image
    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

    Posted Image
  • Make sure that everything is checked, and click Remove Selected.<---Very Important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step-2.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista / 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Uncheck the box beside Remove Found Threats
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
  • When completed Do Not select Uninstall application on close, but make sure you copy the logfile
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Step-3.

Run Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step-4.

Things For Your Next Post:
1. The MalwareBytes log
2. The ESET online scan log
3. The Checkup.txt log
  • 0

#22
blueheadsets
Posted 02 September 2012 - 08:49 AM

blueheadsets

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
What anti virus do you recommend? I used to use ESET but found it slowed my computer down. Kapersky wasn't compatible with my system. I'm switching to Malwarebytes.
  • 0

#23
godawgs
Posted 02 September 2012 - 03:37 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

What anti virus do you recommend? I used to use ESET but found it slowed my computer down. Kapersky wasn't compatible with my system.

Your logs show you have Panda antivirus installed.
From the OTL log:
"Panda Universal Agent Endpoint" = Panda Cloud Antivirus

You should only have one antivirus on the system If you want something else I will be happy to help but you will need to uninstall Panda :thumbsup:

Let me know what you want to do when you post the last logs I asked for.
  • 0

#24
blueheadsets
Posted 02 September 2012 - 08:44 PM

blueheadsets

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.02.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Mark Hritz :: MARK-OSX [administrator]

Protection: Enabled

9/2/2012 12:59:34 PM
mbam-log-2012-09-02 (12-59-34).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 297426
Time elapsed: 1 hour(s), 30 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#25
blueheadsets
Posted 03 September 2012 - 07:42 AM

blueheadsets

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1dcb923a9f68b74dabf23cda85cb3b8a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-09-03 03:57:29
# local_time=2012-09-02 11:57:29 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1026 16777214 0 2 87243204 87243204 0 0
# compatibility_mode=1538 16774118 20 0 1893711 1893711 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=81726
# found=0
# cleaned=0
# scan_time=3960
  • 0

Advertisements

#26
blueheadsets
Posted 03 September 2012 - 07:44 AM

blueheadsets

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Results of screen317's Security Check version 0.99.49
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Please wait while WMIC compiles updated MOF files.d
i
s
p
l
a
y
N
a
m
e
ECHO is off.
P
a
n
d
a
ECHO is off.
C
l
o
u
d
ECHO is off.
A
n
t
i
v
i
r
u
s
ECHO is off.
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
WinPatrol
WinPatrol 2009 (Outdated! Latest version is WinPatrol 2012)
MVPS Hosts File
SpywareBlaster 4.6
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.62.0.1300
CCleaner
JavaFX 2.1.1
Java™ 6 Update 11
Java™ 7 Update 5
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.4.402.265
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader X (10.1.4)
Mozilla Firefox (16.0)
Mozilla Thunderbird (15.0.)
````````Process Check: objlist.exe by Laurent````````
WinPatrol winpatrol.exe is disabled!
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Panda Security Panda Cloud Antivirus PSANHost.exe
Panda Security Panda Cloud Antivirus PSUAService.exe
Panda Security Panda Cloud Antivirus PSUAMain.exe
Panda Security Panda Cloud Antivirus PSUNMain.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 24% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
  • 0

#27
blueheadsets
Posted 03 September 2012 - 08:41 AM

blueheadsets

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
I have started using the system and re-installing. I will report back anything unusual.

I had some questions:

1. What are the recommended settings to use for Spybot Search & Destroy?

2. Your thoughts on using WinPatrol? I find it slows my system down. It is actually up to date. Not sure why it says 2009. I also think it is trying to do something with Adobe 9 because I get this error that the Adobe 9 program folder can't be found.

3. I am using the Panda Cloud version. I found it didn't slow my system down like other programs. I had compatibility issues with software I was running with AVG and Kapersky. NOD32 slowed my system down. But those issues were all at least 2 years ago and my usage habits have changed.

The only thing I really use this Windows computer for is Firefox, Chrome, Quickbooks, Postage Printing and Thunderbird. Otherwise I operate in a MAC environment.

Thank you!
  • 0

#28
godawgs
Posted 03 September 2012 - 04:21 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi

Spybot S&D can be run as a on demand scanner. The TeaTimer module monitors the processes called and initiated. It immediately detects known malicious processes wanting to start. In addition, TeaTimer detects when something wants to change some critical registry keys. TeaTimer can protect you against such changes again giving you an option: You can either "Allow" or "Deny" the change.
TeaTimer runs in the background to monitor these things so it uses system resources and can cause the system to slow down.

WinPatrol also alerts you to critical changes attempting to be made to the computer without your permission. It can also alert you to hijackings and malware attacks. Since it runs in the background constantly checking these things it can slow the system down. It might be having a problem with Adobe 9 because that Adobe version is way out of date.

Let's update the out of date programs and then do some cleanup.


Step-1.

Uninstall Programs

1. Please click Start > Control Panel > Add/Remove Programs
2. In the list of programs installed, locate the following program(s):

Java™ 6 Update 11
Eset online scanner

3. Click on each program to highlight it and click Change/Remove.
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.


Step-2.

Clear the Java cache and update Java

  • Click Start then click Control Panel. If you are in category view click Change to Classic View in the left column.
  • Double click on the Java icon (it looks like a coffee cup) to open the Java control panel.
  • On the Generaltab, under the Temporary Internet Files section click the Settings... button. The Settings page will open.
  • Click the Delete Files... button. The Delete files page will open.
  • Make sure there is a check in the box beside
    • Trace and Log Files
    • Cached Applications and Applets
  • Click OK, click OK on Temporary Files Settings window.
Back at the Java Control Panel:
  • Click the Update tab.
  • Click the Update Now button at the bottom of the page.
    NOTE: It may take a minute or two for the Java Download window to appear, and after the download finishes the window will go away and it may take another minute or two for the Java Setup window to appear.
  • On the Java Setup window click the box beside Install Ask Toolbar to remove the check mark.
  • Click Install.
  • When you get the Java Installed successfully screen, click OK or Close
Once the installation window closes, if the Control Panel is still open, switch the Classic View back to the Category View if you wish and close the Control Panel


Step-3.

Update Adobe Flash Player

You will need to download and install both the IE and non-IE versions of Adobe Flashplayer. Click here to go to the download page.
  • Under Step 1, click the down arrow and choose your operating system.
  • Under Step 2, and select the browser you want to install FlashPlayer for.

    You will need to download and install each version of FlashPlayer seperately

  • Make sure to uncheck the install of the McAfee tool before downloading.
Please note, depending on your settings, you may have to temporarily disable your antivirus software.


Step-4.

Update Adobe Reader

Earlier versions of Adobe Reader have known security flaws so it is recommended that you update your copy.
  • Go to Start > Control Panel > Add/Remove Programs
  • Remove ALL instances of Adobe Reader
  • Re-boot your computer as required.
  • Once ALL versions of Adobe Reader have been uninstalled, download the latest version of Adobe Reader from Here.
  • Remove the check mark next to Yes, install McAfee Security Scan Plus-optional box.
  • Click the Download Now button to download Adobe Reader and follow the directions.


OK! Well done. :thumbsup: Here is the best part of the process! The mullygrubs are gone! That's a technical term for your log(s) appear to be clean! If you have no further issues with your computer, please proceed with the housekeeping procedures outlined below.
The first thing we need to do is to remove all the tools that we have used. This is so that should you ever be re-infected, you will download updated versions.


Step-1.

OTL Cleanup
1. Please copy all of the text in the code box below. To do this, highlight everything inside the code box , right click and click Copy.
  • :FILES
C:\Program Files\ESET

:COMMANDS
[EMPTYTEMP]
[CLEARALLRESTOREPOINTS]
  • Please re-open Posted Image on your desktop.
  • Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
  • Click the Posted Image button.
  • Let the program run unhindered. When finished click the OK button and close the log that appears.
  • NOTE: I do not need to review the log produced.
  • OTL may ask to reboot the machine. Please do so if asked.
2. Please re-open Posted Image on your desktop.
  • Be sure all other programs are closed as this step will require a reboot.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.
The above process will flush all old System Restore points and create a new clean one. It will also remove some of the tools used and logs created during the cleanup process. After it is finished, OTL will remove itself. This is so that if you are ever infected again you will download the most current copy of the tool.


Step-2.

Delete Files

Delete the following files from the desktop.

avg_remover_stf_x86_2012_2125.exe
adwcleaner.exe
AdwCleaner[R1].txt
AdwCleaner[S1].txt
RogueKiller.exe
All REReport.txt files
SecurityCheck.exe
Checkup.txt

Delete any other .bat, .log, .reg, .txt, and any other files created during this process, and left on the desktop and empty the Recycle Bin.


Step-3.

Reset Hidden Files and Folders

1. Click Start.
2. Open My Computer.
4. Select the Tools menu and click Folder Options.
5. Select the View tab.
6. Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
7. Click the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK.


Step-4.

Re-Start TeaTimer

  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Mode and then on "Advanced Mode".
    Posted Image
  • You may be presented with a warning dialog. If so, press Yes.
  • Click on Posted Image
  • Click on Posted Image
  • Check these checkboxes:
    Posted Image
  • Close/Exit Spybot Search and Destroy.


Preventing Re-Infection


Below, I have included a number of recommendations for how to protect your computer against future malware infections.

:Keep Windows Updated:-Windows Updates are constantly being revised to combat the newest hacks and threats, Microsoft releases security updates that help your computer from becoming vulnerable. It is best if you have these set to download automatically.

XP Users: You must use Internet Explorer to Update Windows.
1. Click Start> All Programs, in the programs window that comes up, look for Windows Update toward the top of the list and click it.

:Turn On Automatic Updates:

XP Users:
1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them


: Keep Java Updated :
  • Click the Start button
  • Click Control Panel
  • Double Click Java - Looks like a coffee cup. You may have to switch to Classical View on the upper left of the Control Panel to see it.
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed
: Keep Adobe Reader Updated :
  • Open Adobe Reader
  • Click Help on the menu at the top
  • Click Check for Updates
  • Allow any updates to be downloaded and installed
NOTE: Whether you use Adobe Reader, Acrobat or Foxit Reader to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Click Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. Click OK Close program. It's the same for Foxit Reader except Preferences is under the Tools menu, and you uncheck Enable Javascript Actions.

:Web Browsers:

:Make your Internet Explorer more secure:
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click once on the Security tab
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.
5. Change the Download signed ActiveX controls to "Prompt"
6. Change the Download unsigned ActiveX controls to "Disable"
7. Change the Initialise and script ActiveX controls not marked as safe to "Disable"
8. Change the Installation of desktop items to "Prompt"
9. Change the Launching programs and files in an IFRAME to "Prompt"
10. When all these settings have been made, click on the OK button.
11. If it prompts you as to whether or not you want to save the settings, click the Yes button.
12. Next press the Apply button and then the OK to exit the Internet Properties page.

If you use Firefox, I highly recommend these add-ons to keep your PC even more secure.
  • NoScript - for blocking ads and other potential website attacks
  • WebOfTrust - a safe surfing tool for your browser. Traffic-light rating symbols show which websites you can trust when you search, shop and surf on the Web.
  • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling

Preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running a full scan at least once a month. Run Quick Scans at least once a week. Download the Free versions. And update the definitions before running scans.

========Anti Spyware========
  • Malwarebytes-Free Version- a powerful tool to search for and eliminate malware found on your computer.
  • SUPERAntiSpyware Free Edition-another scanning tool to find and eliminate malware.
  • SpywareBlaster-to help prevent spyware from installing in the first place. A tutorial can be found here.
  • SpywareGuard-to catch and block spyware before it can execute. A tutorial can be found here.
  • WinPatrol - will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. Help file and tutorial can be found here.


It's a good idea to clear out all your temp files every now and again. This will help your computer from bogging down and slowing. It also can assist in getting rid of files that may contain malicious code that could re-infect your computer.

========TEMP File Cleaners========
  • TFC by OldTimer-A very powerful cleaning program for 32 and 64 bit OS. Note: You may have this already as part of the fixes you have run.
  • CleanUP-Click the Download CleanUP! link. There is also a Learn how to use CleanUP! link on this page.
:BACKUPS:
  • Keep a backup of your important files.-Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT-(Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

:Keep Installed Programs Up to Date:

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
A couple of programs that will do this are listed below. Only download and install one of the programs and run it monthly:
Secunia Software Inspector
Filehippo Update Checker

Finally, please read How did I Get Infected in the First Place(by Mr. Tony Klein and dvk01)


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For 24 hours or. If Anything Comes Up - Just Come Back And Let Me Know

Stay Safe :wave:
godawgs
  • 0

#29
blueheadsets
Posted 04 September 2012 - 07:04 AM

blueheadsets

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Everything is good. System running much faster as well. Thanks for all the help.
  • 0

#30
godawgs
Posted 04 September 2012 - 09:12 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
You are welcome. If you need us in the future just give us a shout. If any of your friends ever need help, you know where to send them :prop:
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP