Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Slow computer, takes close to 15 minutes to turn on, youtube videos wo

Started by m125xsx , Jan 05 2013 05:41 PM

  • Please log in to reply

#46
m125xsx
Posted 26 April 2013 - 05:49 PM

m125xsx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 96 posts
Got a virus or spyware message the other day. Please see the screenshot...




Vino's Event Viewer v01c run on Windows XP in English
Report run at 26/04/2013 7:24:44 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/04/2013 4:11:01 PM
Type: error Category: 0
Event: 20063 Source: Rasman
Remote Access Connection Manager failed to start because the Point to Point Protocol failed to initialize. %1 is not a valid Win32 application.

Log: 'System' Date/Time: 26/04/2013 4:11:01 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Remote Access Connection Manager service terminated with the following error: %1 is not a valid Win32 application.

Log: 'System' Date/Time: 26/04/2013 4:11:01 PM
Type: error Category: 0
Event: 20063 Source: Rasman
Remote Access Connection Manager failed to start because the Point to Point Protocol failed to initialize. %1 is not a valid Win32 application.

Log: 'System' Date/Time: 26/04/2013 4:10:59 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Remote Access Connection Manager service terminated with the following error: %1 is not a valid Win32 application.

Log: 'System' Date/Time: 26/04/2013 4:10:59 PM
Type: error Category: 0
Event: 20063 Source: Rasman
Remote Access Connection Manager failed to start because the Point to Point Protocol failed to initialize. %1 is not a valid Win32 application.

Log: 'System' Date/Time: 26/04/2013 4:10:58 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Remote Access Connection Manager service terminated with the following error: %1 is not a valid Win32 application.

Log: 'System' Date/Time: 26/04/2013 4:10:58 PM
Type: error Category: 0
Event: 20063 Source: Rasman
Remote Access Connection Manager failed to start because the Point to Point Protocol failed to initialize. %1 is not a valid Win32 application.

Log: 'System' Date/Time: 26/04/2013 4:10:31 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Remote Access Connection Manager service terminated with the following error: %1 is not a valid Win32 application.

Log: 'System' Date/Time: 26/04/2013 4:10:31 PM
Type: error Category: 0
Event: 20063 Source: Rasman
Remote Access Connection Manager failed to start because the Point to Point Protocol failed to initialize. %1 is not a valid Win32 application.

Log: 'System' Date/Time: 26/04/2013 4:10:30 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Remote Access Connection Manager service terminated with the following error: %1 is not a valid Win32 application.

Log: 'System' Date/Time: 26/04/2013 4:10:30 PM
Type: error Category: 0
Event: 20063 Source: Rasman
Remote Access Connection Manager failed to start because the Point to Point Protocol failed to initialize. %1 is not a valid Win32 application.

Log: 'System' Date/Time: 26/04/2013 4:10:25 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Remote Access Connection Manager service terminated with the following error: %1 is not a valid Win32 application.

Log: 'System' Date/Time: 26/04/2013 4:10:25 PM
Type: error Category: 0
Event: 20063 Source: Rasman
Remote Access Connection Manager failed to start because the Point to Point Protocol failed to initialize. %1 is not a valid Win32 application.

Log: 'System' Date/Time: 26/04/2013 4:10:23 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Remote Access Connection Manager service terminated with the following error: %1 is not a valid Win32 application.

Log: 'System' Date/Time: 26/04/2013 4:10:23 PM
Type: error Category: 0
Event: 20063 Source: Rasman
Remote Access Connection Manager failed to start because the Point to Point Protocol failed to initialize. %1 is not a valid Win32 application.

Log: 'System' Date/Time: 26/04/2013 4:10:19 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Remote Access Connection Manager service terminated with the following error: %1 is not a valid Win32 application.

Log: 'System' Date/Time: 26/04/2013 4:10:19 PM
Type: error Category: 0
Event: 20063 Source: Rasman
Remote Access Connection Manager failed to start because the Point to Point Protocol failed to initialize. %1 is not a valid Win32 application.

Log: 'System' Date/Time: 26/04/2013 4:10:17 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Remote Access Connection Manager service terminated with the following error: %1 is not a valid Win32 application.

Log: 'System' Date/Time: 26/04/2013 4:10:17 PM
Type: error Category: 0
Event: 20063 Source: Rasman
Remote Access Connection Manager failed to start because the Point to Point Protocol failed to initialize. %1 is not a valid Win32 application.

Log: 'System' Date/Time: 26/04/2013 4:09:41 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Remote Access Connection Manager service terminated with the following error: %1 is not a valid Win32 application.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 22/04/2013 10:14:23 PM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 19/04/2013 10:16:45 PM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

------------------------------------------------------------










OTL logfile created on: 4/26/2013 7:29:08 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Elaine\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 51.46% Memory free
3.35 Gb Paging File | 1.71 Gb Available in Paging File | 51.07% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 56.43 Gb Free Space | 24.74% Space Free | Partition Type: NTFS
Drive T: | 931.28 Gb Total Space | 48.75 Gb Free Space | 5.23% Space Free | Partition Type: FAT32

Computer Name: FAMILY | User Name: Elaine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/26 19:28:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elaine\My Documents\Downloads\OTL.exe
PRC - [2013/04/09 04:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2013/03/14 07:44:18 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/02/08 14:55:09 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2013/02/05 17:37:01 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2012/08/28 07:41:08 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012/08/28 07:41:06 | 000,247,768 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2012/08/09 23:12:18 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2011/11/14 07:02:04 | 000,435,672 | ---- | M] (TomTom) -- C:\Program Files\MyTomTom 3\MyTomTomSA.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
PRC - [2011/04/07 13:49:08 | 000,560,880 | ---- | M] (CrossLoop Inc) -- C:\Documents and Settings\Elaine\Local Settings\Application Data\CrossLoop\CrossLoopService.exe
PRC - [2010/11/23 22:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
PRC - [2010/03/24 15:42:10 | 000,599,328 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/03/17 16:55:42 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Verizon\McciTrayApp.exe
PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/01/22 12:38:32 | 002,749,952 | ---- | M] (Luis Cobian) -- C:\Program Files\Cobian Backup 9\cbInterface.exe
PRC - [2009/01/22 12:38:26 | 000,579,584 | ---- | M] (Luis Cobian) -- C:\Program Files\Cobian Backup 9\Cobian.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/20 21:18:32 | 000,366,400 | ---- | M] (Google Inc.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe
PRC - [2005/03/23 01:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/09 04:57:07 | 000,390,096 | ---- | M] () -- C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013/04/09 04:57:06 | 013,130,704 | ---- | M] () -- C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
MOD - [2013/04/09 04:57:05 | 004,050,896 | ---- | M] () -- C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 04:56:13 | 001,606,096 | ---- | M] () -- C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2013/01/02 02:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/11/14 07:02:08 | 000,202,712 | ---- | M] () -- C:\Program Files\MyTomTom 3\TomTomSupporterProxy.dll
MOD - [2011/11/14 07:02:06 | 000,063,960 | ---- | M] () -- C:\Program Files\MyTomTom 3\TomTomSupporterBase.dll
MOD - [2011/11/14 07:01:52 | 007,964,160 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtGui4.dll
MOD - [2011/11/14 07:01:52 | 002,648,064 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtXmlPatterns4.dll
MOD - [2011/11/14 07:01:52 | 002,302,464 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtCore4.dll
MOD - [2011/11/14 07:01:52 | 000,980,480 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtNetwork4.dll
MOD - [2011/11/14 07:01:52 | 000,357,888 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtXml4.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Yontoo\Y2Desktop.Updater.exe C:\Documents and Settings\TEMP.D4K48M91\Application Data\Yontoo\YontooDesktop.exe -- (Yontoo Desktop Updater)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2013/04/12 13:39:50 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/14 07:44:18 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/08/28 07:41:08 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012/08/03 16:22:18 | 000,352,248 | ---- | M] (Verizon) [Auto | Stopped] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/05/25 15:14:34 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe -- (NIS)
SRV - [2011/04/07 13:49:08 | 000,560,880 | ---- | M] (CrossLoop Inc) [Auto | Running] -- C:\Documents and Settings\Elaine\Local Settings\Application Data\CrossLoop\CrossLoopService.exe -- (CrossLoopService)
SRV - [2010/11/23 22:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe -- (NSL)
SRV - [2010/07/21 08:50:26 | 000,814,080 | ---- | M] (GlavSoft LLC.) [On_Demand | Stopped] -- C:\Documents and Settings\Elaine\Local Settings\Application Data\CrossLoop\tvnserver.exe -- (tvnserver)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2002/12/17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002/12/17 17:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/04/12 19:53:06 | 001,000,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20130412.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/01/16 21:27:04 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20130426.005\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/01/16 21:26:57 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20130426.005\NAVENG.SYS -- (NAVENG)
DRV - [2012/09/06 04:54:30 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20130425.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/08/09 01:16:48 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/09 01:16:48 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/06/19 12:33:51 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/20 21:37:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\symtdi.sys -- (SYMTDI)
DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\srtsp.sys -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\srtspx.sys -- (SRTSPX)
DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\symefa.sys -- (SymEFA)
DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\symds.sys -- (SymDS)
DRV - [2011/01/27 01:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\ironx86.sys -- (SymIRON)
DRV - [2010/11/26 18:02:52 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/03/09 03:32:20 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/11/16 23:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/08/04 06:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co...=en&client=dell
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = {D2725E4A-E1D9-4934-B4EF-B88C2E11BE59}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1A417E79-D2EA-4EFF-B9E1-1099C9CE047A}: "URL" = http://search.lycos....y={searchTerms}
IE - HKCU\..\SearchScopes\{3A619F7A-75CC-45EC-BB37-9BEDB768097F}: "URL" = http://www.ask.com/w...src=0&o=0&l=dir
IE - HKCU\..\SearchScopes\{3DD36F8E-0564-4605-80BA-735004AF7ED6}: "URL" = http://search.yahoo....ei=utf-8&fr=ie8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...n=&geo=US&ver=1
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.condui...&ctid=CT2856416
IE - HKCU\..\SearchScopes\{D2725E4A-E1D9-4934-B4EF-B88C2E11BE59}: "URL" = http://www.google.co...&rlz=1I7DAUS_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.4.3
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.6\coFFNST\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2012/02/15 16:05:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2 [2013/04/13 12:58:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/12 13:40:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/12 13:38:00 | 000,000,000 | ---D | M]

[2012/05/16 14:45:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Extensions
[2012/05/16 14:45:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Extensions\[email protected]
[2012/12/16 21:03:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\ztj9qtka.default\extensions
[2012/03/08 20:14:52 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\ztj9qtka.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2011/07/09 09:42:25 | 000,002,464 | ---- | M] () -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\ztj9qtka.default\searchplugins\safesearch.xml
[2013/04/12 13:37:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/04/12 13:39:55 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/03/02 12:43:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/03/02 12:43:52 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: IGN Download Manager Plug-in (Enabled) = C:\Program Files\Download Manager\npfpdlm.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: We-Care.com Reminder = C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.32_0\
CHR - Extension: Gmail = C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2010/12/18 20:36:45 | 000,304,978 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10574 more lines...
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - No CLSID value found.
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll (Google)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Cobian Backup 9] C:\Program Files\Cobian Backup 9\Cobian.exe (Luis Cobian)
O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup File not found
O4 - HKLM..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe File not found
O4 - HKLM..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe File not found
O4 - HKLM..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe File not found
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe File not found
O4 - HKLM..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask File not found
O4 - HKCU..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart File not found
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork File not found
O4 - HKCU..\Run: [MyTomTomSA.exe] C:\Program Files\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10t_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...C_2.3.9.113.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1237941841015 (MUWebControl Class)
O16 - DPF: {7EC816D4-6FC3-4C58-A7DA-A770EE461602} http://151.203.99.51...tdownloader.cab (PowerTerm Downloader Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D28C2859-327F-41C7-AAE1-59518EA44194}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Elaine\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Elaine\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 06:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/11/05 13:19:36 | 000,000,052 | RHS- | M] () - T:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010/10/18 14:11:58 | 000,000,000 | ---D | M] - T:\autorun -- [ FAT32 ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\T\Shell\AutoRun\command - "" = T:\Setup.exe -- [2008/12/03 13:38:50 | 000,319,488 | ---- | M] (Western Digital Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/21 10:34:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elaine\Desktop\Camera Pics as of 2013
[2013/04/13 14:43:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elaine\Application Data\Dropbox
[2013/04/12 13:37:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/04/03 00:27:33 | 000,000,000 | ---D | C] -- C:\ProgramData
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Elaine\My Documents\*.tmp files -> C:\Documents and Settings\Elaine\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/26 19:00:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/26 18:55:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3210623809-1460878786-38797900-1005UA.job
[2013/04/26 18:43:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3210623809-1460878786-38797900-1006UA.job
[2013/04/26 17:27:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\PC Optimizer Pro Updates.job
[2013/04/26 16:43:01 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3210623809-1460878786-38797900-1006Core.job
[2013/04/26 14:00:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/26 02:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-D4K48M91-Micky.job
[2013/04/25 21:59:35 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Schedule.job
[2013/04/25 21:48:51 | 001,571,926 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\MHS Dependent.pdf
[2013/04/25 21:44:57 | 000,550,018 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\MCPHS - Income File.pdf
[2013/04/25 21:40:59 | 000,569,226 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\checks.tif
[2013/04/25 21:37:49 | 001,571,926 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\MHS .pdf
[2013/04/25 20:44:42 | 002,986,038 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\4-25-13 error.bmp
[2013/04/25 19:55:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3210623809-1460878786-38797900-1005Core.job
[2013/04/25 13:27:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/04/25 11:00:03 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\PC Optimizer Pro Scan.job
[2013/04/24 22:00:00 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2013/04/24 04:38:01 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/04/16 12:57:33 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2013/04/14 14:52:27 | 000,002,419 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vz In-Home Agent.lnk
[2013/04/13 12:58:31 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\PC Optimizer Pro startups.job
[2013/04/13 12:57:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/12 23:10:43 | 001,571,926 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\MHS.pdf
[2013/04/12 23:09:46 | 000,486,853 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\mcphs2-p17o0lm8n489t1gk6v4m1r1u1h5c.pdf
[2013/04/12 23:09:22 | 000,521,342 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\mcphs1-p17o0llp0lf0e11ghnfb1ngn15o2.pdf
[2013/04/12 23:08:20 | 000,565,860 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\mcphs3-p17o0lo43g1grb6se1lu2f43d34.pdf
[2013/04/12 23:06:44 | 000,603,696 | ---- | M] () -- C:\Documents and Settings\Elaine\My Documents\mcphs3.tif
[2013/04/12 23:05:20 | 000,521,674 | ---- | M] () -- C:\Documents and Settings\Elaine\My Documents\mcphs2.tif
[2013/04/12 23:04:10 | 000,556,018 | ---- | M] () -- C:\Documents and Settings\Elaine\My Documents\mcphs1.tif
[2013/04/11 21:01:41 | 005,993,974 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\obrien tax documents.pdf
[2013/04/11 20:58:58 | 000,502,281 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\page12.pdf
[2013/04/11 20:58:28 | 000,592,768 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\page11.pdf
[2013/04/11 20:58:02 | 000,304,710 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\page10.pdf
[2013/04/11 20:57:41 | 000,540,468 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\page9.pdf
[2013/04/11 20:57:02 | 000,339,315 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\page8.pdf
[2013/04/11 20:56:36 | 000,489,598 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\page7.pdf
[2013/04/11 20:38:47 | 000,657,044 | ---- | M] () -- C:\Documents and Settings\Elaine\My Documents\page4.tif
[2013/04/11 20:37:23 | 000,339,472 | ---- | M] () -- C:\Documents and Settings\Elaine\My Documents\page3.tif
[2013/04/11 20:36:04 | 000,703,704 | ---- | M] () -- C:\Documents and Settings\Elaine\My Documents\page2.tif
[2013/04/11 12:51:21 | 000,002,311 | ---- | M] () -- C:\Documents and Settings\Elaine\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/11 12:51:20 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\Google Chrome.lnk
[2013/04/11 03:51:59 | 000,156,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/04/11 03:31:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/04/10 09:35:37 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\Elaine\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/04/03 21:36:00 | 000,002,683 | ---- | M] () -- C:\Documents and Settings\Elaine\My Documents\Re_ Vineyard cottage.eml
[2013/03/31 17:07:58 | 000,073,975 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\3-29-13 throat highlighted.JPG
[2013/03/31 17:06:55 | 000,154,455 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\3-29-13 throat.JPG
[2013/03/31 17:05:33 | 000,128,126 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\3-30-13 throat highlighted.JPG
[2013/03/31 17:03:54 | 000,263,117 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\3-30-13 throat.JPG
[2013/03/28 21:08:46 | 000,089,753 | ---- | M] () -- C:\Documents and Settings\Elaine\My Documents\Ouraina Tsekeris.pdf
[2013/03/27 19:40:47 | 000,272,187 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\P001.pdf
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Elaine\My Documents\*.tmp files -> C:\Documents and Settings\Elaine\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/25 21:48:50 | 001,571,926 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\Mt.pdf
[2013/04/25 21:44:55 | 000,550,018 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\MCPHS - Income File.pdf
[2013/04/25 21:40:59 | 000,569,226 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\checks.tif
[2013/04/25 21:37:43 | 001,571,926 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\MHS .pdf
[2013/04/25 20:44:39 | 002,986,038 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\4-25-13 error.bmp
[2013/04/12 23:10:38 | 001,571,926 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\MS.pdf
[2013/04/12 23:09:46 | 000,486,853 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\mcphs2-p17o0lm8n489t1gk6v4m1r1u1h5c.pdf
[2013/04/12 23:09:21 | 000,521,342 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\mcphs1-p17o0llp0lf0e11ghnfb1ngn15o2.pdf
[2013/04/12 23:08:11 | 000,565,860 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\mcphs3-p17o0lo43g1grb6se1lu2f43d34.pdf
[2013/04/12 23:06:43 | 000,603,696 | ---- | C] () -- C:\Documents and Settings\Elaine\My Documents\mcphs3.tif
[2013/04/12 23:05:19 | 000,521,674 | ---- | C] () -- C:\Documents and Settings\Elaine\My Documents\mcphs2.tif
[2013/04/12 23:04:09 | 000,556,018 | ---- | C] () -- C:\Documents and Settings\Elaine\My Documents\mcphs1.tif
[2013/04/11 21:01:22 | 005,993,974 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\o tax documents.pdf
[2013/04/11 20:58:53 | 000,502,281 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\page12.pdf
[2013/04/11 20:58:27 | 000,592,768 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\page11.pdf
[2013/04/11 20:58:01 | 000,304,710 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\page10.pdf
[2013/04/11 20:57:40 | 000,540,468 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\page9.pdf
[2013/04/11 20:57:01 | 000,339,315 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\page8.pdf
[2013/04/11 20:56:31 | 000,489,598 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\page7.pdf
[2013/04/11 20:38:46 | 000,657,044 | ---- | C] () -- C:\Documents and Settings\Elaine\My Documents\page4.tif
[2013/04/11 20:37:22 | 000,339,472 | ---- | C] () -- C:\Documents and Settings\Elaine\My Documents\page3.tif
[2013/04/11 20:36:03 | 000,703,704 | ---- | C] () -- C:\Documents and Settings\Elaine\My Documents\page2.tif
[2013/04/03 21:36:00 | 000,002,683 | ---- | C] () -- C:\Documents and Settings\Elaine\My Documents\Re_ Vineyard cottage.eml
[2013/03/31 17:07:58 | 000,073,975 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\3-29-13 throat highlighted.JPG
[2013/03/31 17:06:55 | 000,154,455 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\3-29-13 throat.JPG
[2013/03/31 17:05:13 | 000,128,126 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\3-30-13 throat highlighted.JPG
[2013/03/31 17:03:52 | 000,263,117 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\3-30-13 throat.JPG
[2013/03/28 21:08:46 | 000,089,753 | ---- | C] () -- C:\Documents and Settings\Elaine\My Documents\Ouraina Tsekeris.pdf
[2013/03/27 19:40:47 | 000,272,187 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\P001.pdf
[2013/01/05 20:47:33 | 000,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2012/06/13 13:55:22 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/02/14 23:34:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/18 19:17:50 | 000,025,944 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/10/18 19:16:50 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2010/12/17 17:27:33 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Elaine\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/24 20:32:55 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Elaine\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2005/08/16 06:39:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/09/22 11:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2009/03/24 20:49:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2013/02/25 18:24:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\APN
[2009/03/26 13:51:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2013/01/05 20:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
[2005/08/16 22:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2012/04/03 19:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/12/16 06:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/02/25 18:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
[2012/06/26 14:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2009/08/08 01:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2013/02/25 18:28:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/04/18 11:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2012/12/16 21:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2012/09/02 22:37:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009/04/22 18:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wal-Mart
[2013/02/25 18:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder
[2009/03/24 22:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2011/07/29 21:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/06 20:41:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/04/04 11:07:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\acccore
[2011/10/17 22:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Canon
[2013/04/13 14:43:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Dropbox
[2012/04/03 18:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\IObit
[2009/03/25 00:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Leadertech
[2011/06/19 11:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\PriceGong
[2013/02/02 15:43:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Publish Providers
[2013/02/02 16:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Sony
[2011/03/08 12:22:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\TechWizard
[2011/06/16 14:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Tific
[2012/05/16 14:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\TomTom
[2010/03/22 09:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Wal-Mart
[2012/02/15 19:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Wal-Mart Digital Photo Viewer

========== Purity Check ==========



< End of report >

Edited by m125xsx, 26 April 2013 - 06:20 PM.

  • 0

Advertisements

#47
m125xsx
Posted 26 April 2013 - 06:14 PM

m125xsx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 96 posts
And after copying and pasting everything then running the OTL log:

OTL logfile created on: 4/26/2013 7:50:01 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Elaine\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 46.93% Memory free
3.35 Gb Paging File | 2.00 Gb Available in Paging File | 59.78% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 56.42 Gb Free Space | 24.73% Space Free | Partition Type: NTFS
Drive T: | 931.28 Gb Total Space | 48.75 Gb Free Space | 5.23% Space Free | Partition Type: FAT32

Computer Name: FAMILY | User Name: Elaine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/26 19:28:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elaine\My Documents\Downloads\OTL.exe
PRC - [2013/04/09 04:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2013/03/14 07:44:18 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/02/08 14:55:09 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2013/02/05 17:37:01 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2012/08/28 07:41:08 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012/08/28 07:41:06 | 000,247,768 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2012/08/09 23:12:18 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2011/11/14 07:02:04 | 000,435,672 | ---- | M] (TomTom) -- C:\Program Files\MyTomTom 3\MyTomTomSA.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
PRC - [2011/04/07 13:49:08 | 000,560,880 | ---- | M] (CrossLoop Inc) -- C:\Documents and Settings\Elaine\Local Settings\Application Data\CrossLoop\CrossLoopService.exe
PRC - [2010/11/23 22:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
PRC - [2010/03/24 15:42:10 | 000,599,328 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/03/17 16:55:42 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Verizon\McciTrayApp.exe
PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/01/22 12:38:32 | 002,749,952 | ---- | M] (Luis Cobian) -- C:\Program Files\Cobian Backup 9\cbInterface.exe
PRC - [2009/01/22 12:38:26 | 000,579,584 | ---- | M] (Luis Cobian) -- C:\Program Files\Cobian Backup 9\Cobian.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/20 21:18:32 | 000,366,400 | ---- | M] (Google Inc.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe
PRC - [2005/03/23 01:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/09 04:57:07 | 000,390,096 | ---- | M] () -- C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013/04/09 04:57:06 | 013,130,704 | ---- | M] () -- C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
MOD - [2013/04/09 04:57:05 | 004,050,896 | ---- | M] () -- C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 04:56:13 | 001,606,096 | ---- | M] () -- C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2013/01/02 02:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/11/14 07:02:08 | 000,202,712 | ---- | M] () -- C:\Program Files\MyTomTom 3\TomTomSupporterProxy.dll
MOD - [2011/11/14 07:02:06 | 000,063,960 | ---- | M] () -- C:\Program Files\MyTomTom 3\TomTomSupporterBase.dll
MOD - [2011/11/14 07:01:52 | 007,964,160 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtGui4.dll
MOD - [2011/11/14 07:01:52 | 002,648,064 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtXmlPatterns4.dll
MOD - [2011/11/14 07:01:52 | 002,302,464 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtCore4.dll
MOD - [2011/11/14 07:01:52 | 000,980,480 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtNetwork4.dll
MOD - [2011/11/14 07:01:52 | 000,357,888 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtXml4.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Yontoo\Y2Desktop.Updater.exe C:\Documents and Settings\TEMP.D4K48M91\Application Data\Yontoo\YontooDesktop.exe -- (Yontoo Desktop Updater)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2013/04/12 13:39:50 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/14 07:44:18 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/08/28 07:41:08 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012/08/03 16:22:18 | 000,352,248 | ---- | M] (Verizon) [Auto | Stopped] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/05/25 15:14:34 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe -- (NIS)
SRV - [2011/04/07 13:49:08 | 000,560,880 | ---- | M] (CrossLoop Inc) [Auto | Running] -- C:\Documents and Settings\Elaine\Local Settings\Application Data\CrossLoop\CrossLoopService.exe -- (CrossLoopService)
SRV - [2010/11/23 22:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe -- (NSL)
SRV - [2010/07/21 08:50:26 | 000,814,080 | ---- | M] (GlavSoft LLC.) [On_Demand | Stopped] -- C:\Documents and Settings\Elaine\Local Settings\Application Data\CrossLoop\tvnserver.exe -- (tvnserver)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2002/12/17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002/12/17 17:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/04/12 19:53:06 | 001,000,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20130412.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/01/16 21:27:04 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20130426.005\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/01/16 21:26:57 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20130426.005\NAVENG.SYS -- (NAVENG)
DRV - [2012/09/06 04:54:30 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20130425.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/08/09 01:16:48 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/09 01:16:48 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/06/19 12:33:51 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/20 21:37:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\symtdi.sys -- (SYMTDI)
DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\srtsp.sys -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\srtspx.sys -- (SRTSPX)
DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\symefa.sys -- (SymEFA)
DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\symds.sys -- (SymDS)
DRV - [2011/01/27 01:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\ironx86.sys -- (SymIRON)
DRV - [2010/11/26 18:02:52 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/03/09 03:32:20 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/11/16 23:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/08/04 06:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co...=en&client=dell
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = {D2725E4A-E1D9-4934-B4EF-B88C2E11BE59}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1A417E79-D2EA-4EFF-B9E1-1099C9CE047A}: "URL" = http://search.lycos....y={searchTerms}
IE - HKCU\..\SearchScopes\{3A619F7A-75CC-45EC-BB37-9BEDB768097F}: "URL" = http://www.ask.com/w...src=0&o=0&l=dir
IE - HKCU\..\SearchScopes\{3DD36F8E-0564-4605-80BA-735004AF7ED6}: "URL" = http://search.yahoo....ei=utf-8&fr=ie8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...n=&geo=US&ver=1
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.condui...&ctid=CT2856416
IE - HKCU\..\SearchScopes\{D2725E4A-E1D9-4934-B4EF-B88C2E11BE59}: "URL" = http://www.google.co...&rlz=1I7DAUS_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.4.3
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.6\coFFNST\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2012/02/15 16:05:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2 [2013/04/13 12:58:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/12 13:40:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/12 13:38:00 | 000,000,000 | ---D | M]

[2012/05/16 14:45:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Extensions
[2012/05/16 14:45:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Extensions\[email protected]
[2012/12/16 21:03:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\ztj9qtka.default\extensions
[2012/03/08 20:14:52 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\ztj9qtka.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2011/07/09 09:42:25 | 000,002,464 | ---- | M] () -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\ztj9qtka.default\searchplugins\safesearch.xml
[2013/04/12 13:37:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/04/12 13:39:55 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/03/02 12:43:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/03/02 12:43:52 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: IGN Download Manager Plug-in (Enabled) = C:\Program Files\Download Manager\npfpdlm.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: YouTube = C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: We-Care.com Reminder = C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.32_0\
CHR - Extension: We-Care.com Reminder = C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.34_0\
CHR - Extension: Gmail = C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2010/12/18 20:36:45 | 000,304,978 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10574 more lines...
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - No CLSID value found.
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll (Google)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Cobian Backup 9] C:\Program Files\Cobian Backup 9\Cobian.exe (Luis Cobian)
O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup File not found
O4 - HKLM..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe File not found
O4 - HKLM..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe File not found
O4 - HKLM..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe File not found
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe File not found
O4 - HKLM..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask File not found
O4 - HKCU..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart File not found
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork File not found
O4 - HKCU..\Run: [MyTomTomSA.exe] C:\Program Files\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10t_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...C_2.3.9.113.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1237941841015 (MUWebControl Class)
O16 - DPF: {7EC816D4-6FC3-4C58-A7DA-A770EE461602} http://151.203.99.51...tdownloader.cab (PowerTerm Downloader Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D28C2859-327F-41C7-AAE1-59518EA44194}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Elaine\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Elaine\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 06:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/11/05 13:19:36 | 000,000,052 | RHS- | M] () - T:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010/10/18 14:11:58 | 000,000,000 | ---D | M] - T:\autorun -- [ FAT32 ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\T\Shell\AutoRun\command - "" = T:\Setup.exe -- [2008/12/03 13:38:50 | 000,319,488 | ---- | M] (Western Digital Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "McShield"
MsConfig - Services: "McDetect.exe"
MsConfig - Services: "McTskshd.exe"
MsConfig - Services: "MskService"
MsConfig - Services: "mcupdmgr.exe"
MsConfig - Services: "MpfService"
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {14F4D1F6-79E4-4256-A10B-3CCD138698C6} - Microsoft .NET Framework 1.0 Hotfix (KB2656378)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29A43E48-B726-47B6-9EAC-AA2B7B48E133} - Microsoft .NET Framework 1.0 Security Update (KB2698035)
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {339E9413-F230-4F0F-ADDD-17914D95FD6D} - Microsoft .NET Framework 1.0 Hotfix (KB2604042)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4F00D11B-8327-4C55-B7DA-B8D8C10F28A8} - Microsoft .NET Framework 1.0 Hotfix (KB2572066)
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6C298884-91FD-408C-9D90-5A59D2C29FD1} - Microsoft .NET Framework 1.1 Security Update (KB2742597)
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser
ActiveX: {8BF1B8CD-9A6C-4382-A454-CC769B913F48} - Microsoft .NET Framework 1.0 Hotfix (KB2656378)
ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {DE895E98-54B2-4180-91E1-7A0020EDF577} - Microsoft .NET Framework 1.0 Security Update (KB2742607)
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.CFHD - C:\WINDOWS\System32\cfhd.dll (CineForm Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/04/21 10:34:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elaine\Desktop\Camera Pics as of 2013
[2013/04/13 14:43:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elaine\Application Data\Dropbox
[2013/04/12 13:37:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/04/03 00:27:33 | 000,000,000 | ---D | C] -- C:\ProgramData
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Elaine\My Documents\*.tmp files -> C:\Documents and Settings\Elaine\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/26 19:55:04 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3210623809-1460878786-38797900-1005UA.job
[2013/04/26 19:55:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3210623809-1460878786-38797900-1005Core.job
[2013/04/26 19:43:01 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3210623809-1460878786-38797900-1006UA.job
[2013/04/26 19:00:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/26 17:27:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\PC Optimizer Pro Updates.job
[2013/04/26 16:43:01 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3210623809-1460878786-38797900-1006Core.job
[2013/04/26 14:00:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/26 02:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-D4K48M91-Micky.job
[2013/04/25 21:59:35 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Schedule.job
[2013/04/25 21:48:51 | 001,571,926 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\MHS Dependent.pdf
[2013/04/25 21:44:57 | 000,550,018 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\MCPHS - Income File.pdf
[2013/04/25 21:40:59 | 000,569,226 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\checks.tif
[2013/04/25 21:37:49 | 001,571,926 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\MHS .pdf
[2013/04/25 20:44:42 | 002,986,038 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\4-25-13 error.bmp
[2013/04/25 13:27:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/04/25 11:00:03 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\PC Optimizer Pro Scan.job
[2013/04/24 22:00:00 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2013/04/24 04:38:01 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/04/16 12:57:33 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2013/04/14 14:52:27 | 000,002,419 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vz In-Home Agent.lnk
[2013/04/13 12:58:31 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\PC Optimizer Pro startups.job
[2013/04/13 12:57:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/12 23:10:43 | 001,571,926 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\MHS.pdf
[2013/04/12 23:09:46 | 000,486,853 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\mcphs2-p17o0lm8n489t1gk6v4m1r1u1h5c.pdf
[2013/04/12 23:09:22 | 000,521,342 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\mcphs1-p17o0llp0lf0e11ghnfb1ngn15o2.pdf
[2013/04/12 23:08:20 | 000,565,860 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\mcphs3-p17o0lo43g1grb6se1lu2f43d34.pdf
[2013/04/12 23:06:44 | 000,603,696 | ---- | M] () -- C:\Documents and Settings\Elaine\My Documents\mcphs3.tif
[2013/04/12 23:05:20 | 000,521,674 | ---- | M] () -- C:\Documents and Settings\Elaine\My Documents\mcphs2.tif
[2013/04/12 23:04:10 | 000,556,018 | ---- | M] () -- C:\Documents and Settings\Elaine\My Documents\mcphs1.tif
[2013/04/11 21:01:41 | 005,993,974 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\o tax documents.pdf
[2013/04/11 20:58:58 | 000,502,281 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\page12.pdf
[2013/04/11 20:58:28 | 000,592,768 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\page11.pdf
[2013/04/11 20:58:02 | 000,304,710 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\page10.pdf
[2013/04/11 20:57:41 | 000,540,468 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\page9.pdf
[2013/04/11 20:57:02 | 000,339,315 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\page8.pdf
[2013/04/11 20:56:36 | 000,489,598 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\page7.pdf
[2013/04/11 20:38:47 | 000,657,044 | ---- | M] () -- C:\Documents and Settings\Elaine\My Documents\page4.tif
[2013/04/11 20:37:23 | 000,339,472 | ---- | M] () -- C:\Documents and Settings\Elaine\My Documents\page3.tif
[2013/04/11 20:36:04 | 000,703,704 | ---- | M] () -- C:\Documents and Settings\Elaine\My Documents\page2.tif
[2013/04/11 12:51:21 | 000,002,311 | ---- | M] () -- C:\Documents and Settings\Elaine\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/11 12:51:20 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\Google Chrome.lnk
[2013/04/11 03:51:59 | 000,156,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/04/11 03:31:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/04/10 09:35:37 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\Elaine\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/04/03 21:36:00 | 000,002,683 | ---- | M] () -- C:\Documents and Settings\Elaine\My Documents\Re_ Vineyard cottage.eml
[2013/03/31 17:07:58 | 000,073,975 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\3-29-13 throat highlighted.JPG
[2013/03/31 17:06:55 | 000,154,455 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\3-29-13 throat.JPG
[2013/03/31 17:05:33 | 000,128,126 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\3-30-13 throat highlighted.JPG
[2013/03/31 17:03:54 | 000,263,117 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\3-30-13 throat.JPG
[2013/03/28 21:08:46 | 000,089,753 | ---- | M] () -- C:\Documents and Settings\Elaine\My Documents\Ouraina Tsekeris.pdf
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Elaine\My Documents\*.tmp files -> C:\Documents and Settings\Elaine\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/25 21:48:50 | 001,571,926 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\MHS Dependent.pdf
[2013/04/25 21:44:55 | 000,550,018 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\MCPHS - Income File.pdf
[2013/04/25 21:40:59 | 000,569,226 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\checks.tif
[2013/04/25 21:37:43 | 001,571,926 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\MHS .pdf
[2013/04/25 20:44:39 | 002,986,038 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\4-25-13 error.bmp
[2013/04/12 23:10:38 | 001,571,926 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\MHS.pdf
[2013/04/12 23:09:46 | 000,486,853 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\mcphs2-p17o0lm8n489t1gk6v4m1r1u1h5c.pdf
[2013/04/12 23:09:21 | 000,521,342 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\mcphs1-p17o0llp0lf0e11ghnfb1ngn15o2.pdf
[2013/04/12 23:08:11 | 000,565,860 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\mcphs3-p17o0lo43g1grb6se1lu2f43d34.pdf
[2013/04/12 23:06:43 | 000,603,696 | ---- | C] () -- C:\Documents and Settings\Elaine\My Documents\mcphs3.tif
[2013/04/12 23:05:19 | 000,521,674 | ---- | C] () -- C:\Documents and Settings\Elaine\My Documents\mcphs2.tif
[2013/04/12 23:04:09 | 000,556,018 | ---- | C] () -- C:\Documents and Settings\Elaine\My Documents\mcphs1.tif
[2013/04/11 21:01:22 | 005,993,974 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\o tax documents.pdf
[2013/04/11 20:58:53 | 000,502,281 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\page12.pdf
[2013/04/11 20:58:27 | 000,592,768 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\page11.pdf
[2013/04/11 20:58:01 | 000,304,710 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\page10.pdf
[2013/04/11 20:57:40 | 000,540,468 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\page9.pdf
[2013/04/11 20:57:01 | 000,339,315 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\page8.pdf
[2013/04/11 20:56:31 | 000,489,598 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\page7.pdf
[2013/04/11 20:38:46 | 000,657,044 | ---- | C] () -- C:\Documents and Settings\Elaine\My Documents\page4.tif
[2013/04/11 20:37:22 | 000,339,472 | ---- | C] () -- C:\Documents and Settings\Elaine\My Documents\page3.tif
[2013/04/11 20:36:03 | 000,703,704 | ---- | C] () -- C:\Documents and Settings\Elaine\My Documents\page2.tif
[2013/04/03 21:36:00 | 000,002,683 | ---- | C] () -- C:\Documents and Settings\Elaine\My Documents\Re_ Vineyard cottage.eml
[2013/03/31 17:07:58 | 000,073,975 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\3-29-13 throat highlighted.JPG
[2013/03/31 17:06:55 | 000,154,455 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\3-29-13 throat.JPG
[2013/03/31 17:05:13 | 000,128,126 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\3-30-13 throat highlighted.JPG
[2013/03/31 17:03:52 | 000,263,117 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\3-30-13 throat.JPG
[2013/03/28 21:08:46 | 000,089,753 | ---- | C] () -- C:\Documents and Settings\Elaine\My Documents\Ouraina Tsekeris.pdf
[2013/01/05 20:47:33 | 000,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2012/06/13 13:55:22 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/02/14 23:34:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/18 19:17:50 | 000,025,944 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/10/18 19:16:50 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2010/12/17 17:27:33 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Elaine\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/24 20:32:55 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Elaine\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2005/08/16 06:39:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/09/22 11:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2009/03/24 20:49:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2013/02/25 18:24:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\APN
[2009/03/26 13:51:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2013/01/05 20:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
[2005/08/16 22:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2012/04/03 19:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/12/16 06:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/02/25 18:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
[2012/06/26 14:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2009/08/08 01:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2013/02/25 18:28:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/04/18 11:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2012/12/16 21:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2012/09/02 22:37:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009/04/22 18:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wal-Mart
[2013/02/25 18:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder
[2009/03/24 22:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2011/07/29 21:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/06 20:41:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/04/04 11:07:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\acccore
[2011/10/17 22:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Canon
[2013/04/13 14:43:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Dropbox
[2012/04/03 18:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\IObit
[2009/03/25 00:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Leadertech
[2011/06/19 11:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\PriceGong
[2013/02/02 15:43:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Publish Providers
[2013/02/02 16:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Sony
[2011/03/08 12:22:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\TechWizard
[2011/06/16 14:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Tific
[2012/05/16 14:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\TomTom
[2010/03/22 09:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Wal-Mart
[2012/02/15 19:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Wal-Mart Digital Photo Viewer

========== Purity Check ==========



========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: WDC WD2500JS-75NCB1
Partitions: 3
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Fixed\thard disk media
Interface type: USB
Media Type: Fixed\thard disk media
Model: WD 10EADS External USB Device
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 -
Interface type: USB
Media Type:
Model: Canon MP830Storage USB Device
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 55.00MB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 228.00GB
Starting Offset: 57576960
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 5.00GB
Starting Offset: 245006415360
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 932.00GB
Starting Offset: 32256
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2010/04/04 11:07:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\acccore
[2012/06/27 17:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Adobe
[2013/02/02 14:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Apple Computer
[2011/10/17 22:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Canon
[2009/03/24 22:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Corel Photo Album
[2013/04/13 14:43:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Dropbox
[2010/04/04 14:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Google
[2009/03/26 15:11:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Elaine\Application Data\Gtek
[2005/08/16 06:50:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Identities
[2012/04/03 18:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\IObit
[2009/03/25 00:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Leadertech
[2009/03/24 20:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Macromedia
[2009/03/24 20:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Malwarebytes
[2009/03/24 20:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\McAfee.com Personal Firewall
[2010/11/16 18:20:47 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Elaine\Application Data\Microsoft
[2011/03/08 12:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Motive
[2010/05/20 21:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Mozilla
[2011/06/19 11:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\PriceGong
[2013/02/02 15:43:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Publish Providers
[2009/03/25 00:56:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Sonic
[2013/02/02 16:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Sony
[2010/10/25 20:17:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Sony Corporation
[2006/03/09 03:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Sun
[2011/03/08 12:22:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\TechWizard
[2011/06/16 14:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Tific
[2012/05/16 14:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\TomTom
[2010/03/22 09:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Wal-Mart
[2012/02/15 19:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Wal-Mart Digital Photo Viewer

< MD5 for: ATAPI.SYS >
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys

< MD5 for: CSRSS.EXE >
[2008/04/14 05:42:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\ServicePackFiles\i386\csrss.exe
[2008/04/13 20:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\csrss.exe
[2008/04/14 05:42:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\csrss.exe
[2004/08/10 07:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\i386\csrss.exe
[2004/08/10 07:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\WINDOWS\$NtServicePackUninstall$\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\explorer.exe
[2004/08/10 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2008/06/20 13:41:10 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=097722F235A1FB698BF9234E01B52637 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
[2008/06/20 13:36:11 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=1DFCA7713EA5A70D5D93B436AEA0317A -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[2004/08/10 07:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\i386\mswsock.dll
[2004/08/10 07:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtUninstallKB951748_0$\mswsock.dll
[2008/06/20 13:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[2008/06/20 13:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$NtUninstallKB2509553$\mswsock.dll
[2008/06/20 12:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/20 12:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\mswsock.dll
[2008/04/14 05:42:02 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
[2008/04/14 05:42:02 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[2008/04/13 20:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\mswsock.dll
[2008/06/20 13:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[2008/06/20 13:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll

< MD5 for: NWPROVAU.DLL >
[2008/04/14 05:42:04 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=06E587F41466569F32BEAAC7260E8AEC -- C:\WINDOWS\ServicePackFiles\i386\nwprovau.dll
[2008/04/13 20:12:02 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=06E587F41466569F32BEAAC7260E8AEC -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\nwprovau.dll
[2008/04/14 05:42:04 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=06E587F41466569F32BEAAC7260E8AEC -- C:\WINDOWS\system32\nwprovau.dll
[2004/08/10 07:00:00 | 000,144,384 | ---- | M] (Microsoft Corporation) MD5=F01D97A8E0380BA52F58249A7B3BD7F1 -- C:\i386\nwprovau.dll
[2004/08/10 07:00:00 | 000,144,384 | ---- | M] (Microsoft Corporation) MD5=F01D97A8E0380BA52F58249A7B3BD7F1 -- C:\WINDOWS\$NtServicePackUninstall$\nwprovau.dll

< MD5 for: PNRPNSP.DLL >
[2004/08/10 07:00:00 | 000,048,640 | ---- | M] (Microsoft Corporation) MD5=74D3620D2E63489975E3956A40DDD35F -- C:\i386\pnrpnsp.dll
[2004/08/10 07:00:00 | 000,048,640 | ---- | M] (Microsoft Corporation) MD5=74D3620D2E63489975E3956A40DDD35F -- C:\WINDOWS\$NtServicePackUninstall$\pnrpnsp.dll
[2008/04/14 05:42:04 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINDOWS\ServicePackFiles\i386\pnrpnsp.dll
[2008/04/13 20:12:02 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\pnrpnsp.dll
[2008/04/14 05:42:04 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINDOWS\system32\pnrpnsp.dll

< MD5 for: RSVPSP.DLL >
[2008/04/14 05:42:06 | 000,092,672 | ---- | M] (Microsoft Corporation) MD5=72451FD61DDBB0A1FB071B7C3CDE5594 -- C:\WINDOWS\ServicePackFiles\i386\rsvpsp.dll
[2008/04/13 20:12:04 | 000,092,672 | ---- | M] (Microsoft Corporation) MD5=72451FD61DDBB0A1FB071B7C3CDE5594 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\rsvpsp.dll
[2008/04/14 05:42:06 | 000,092,672 | ---- | M] (Microsoft Corporation) MD5=72451FD61DDBB0A1FB071B7C3CDE5594 -- C:\WINDOWS\system32\rsvpsp.dll
[2004/08/10 07:00:00 | 000,090,112 | ---- | M] (Microsoft Corporation) MD5=90491683ABD587C702B16F181AB0D99D -- C:\i386\rsvpsp.dll
[2004/08/10 07:00:00 | 000,090,112 | ---- | M] (Microsoft Corporation) MD5=90491683ABD587C702B16F181AB0D99D -- C:\WINDOWS\$NtServicePackUninstall$\rsvpsp.dll

< MD5 for: SERVICES.EXE >
[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/10 07:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\i386\services.exe
[2004/08/10 07:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/10 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\i386\svchost.exe
[2004/08/10 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USER32.DLL >
[2008/04/14 05:42:10 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\user32.dll
[2008/04/14 05:42:10 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[2004/08/10 07:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\i386\user32.dll
[2004/08/10 07:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll

< MD5 for: USERINIT.EXE >
[2004/08/10 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2004/08/10 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/10 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/10 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINRNR.DLL >
[2004/08/10 07:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=2C8FDB176F22629EA5342DB474FAC391 -- C:\i386\winrnr.dll
[2004/08/10 07:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=2C8FDB176F22629EA5342DB474FAC391 -- C:\WINDOWS\$NtServicePackUninstall$\winrnr.dll
[2008/04/14 05:42:10 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=D72B9EC3337B247A666F098F3D6B43DE -- C:\WINDOWS\ServicePackFiles\i386\winrnr.dll
[2008/04/13 20:12:09 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=D72B9EC3337B247A666F098F3D6B43DE -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\winrnr.dll
[2008/04/14 05:42:10 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=D72B9EC3337B247A666F098F3D6B43DE -- C:\WINDOWS\system32\winrnr.dll

< C:\Windows\assembly\tmp\U\*.* /s >
[2005/08/16 06:18:26 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2005/08/16 06:49:41 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/06/29 20:33:32 | 000,000,882 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2009/06/29 20:33:33 | 000,000,886 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2010/03/16 13:04:01 | 000,000,386 | ---- | C] () -- C:\WINDOWS\Tasks\SmartDefrag.job
[2011/07/29 20:52:49 | 000,000,284 | ---- | C] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2011/10/18 19:19:06 | 000,000,282 | ---- | C] () -- C:\WINDOWS\Tasks\SmartDefrag_Startup.job
[2012/05/25 10:20:25 | 000,000,930 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3210623809-1460878786-38797900-1006Core.job
[2012/05/25 10:20:26 | 000,000,982 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3210623809-1460878786-38797900-1006UA.job
[2012/06/26 14:02:40 | 000,000,342 | ---- | C] () -- C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-D4K48M91-Micky.job
[2012/08/13 19:53:04 | 000,000,926 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3210623809-1460878786-38797900-1005Core.job
[2012/08/13 19:53:10 | 000,000,978 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3210623809-1460878786-38797900-1005UA.job
[2013/02/25 18:37:08 | 000,000,410 | ---- | C] () -- C:\WINDOWS\Tasks\PC Optimizer Pro startups.job
[2013/02/25 18:37:12 | 000,000,438 | ---- | C] () -- C:\WINDOWS\Tasks\PC Optimizer Pro Updates.job
[2013/02/25 18:37:23 | 000,000,406 | ---- | C] () -- C:\WINDOWS\Tasks\PC Optimizer Pro Scan.job
[2013/03/05 22:08:53 | 000,000,284 | ---- | C] () -- C:\WINDOWS\Tasks\SmartDefrag_Schedule.job

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Micky\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2013/04/09 04:57:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/04/12 13:39:30 | 000,865,808 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/04/12 13:39:30 | 000,865,808 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/04/12 13:39:30 | 000,865,808 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2013/04/12 13:39:55 | 000,920,472 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/04/12 13:39:55 | 000,920,472 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/04/12 13:39:55 | 000,920,472 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2013/04/09 04:57:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2013/04/09 04:57:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/04/09 04:57:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2013/04/09 04:57:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.JEALA7WR76LYENLFJO2ZDOJY6I\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Micky\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2013/04/09 04:57:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.JEALA7WR76LYENLFJO2ZDOJY6I\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Micky\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2013/04/09 04:57:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.JEALA7WR76LYENLFJO2ZDOJY6I\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Micky\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/04/09 04:57:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.JEALA7WR76LYENLFJO2ZDOJY6I\shell\open\command\\: "C:\Documents and Settings\Micky\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2013/04/09 04:57:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2013/03/01 21:08:48 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2013/03/01 21:08:48 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2013/03/01 21:08:48 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Micky\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2013/04/09 04:57:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/04/12 13:39:30 | 000,865,808 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/04/12 13:39:30 | 000,865,808 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/04/12 13:39:30 | 000,865,808 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2013/04/12 13:39:55 | 000,920,472 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/04/12 13:39:55 | 000,920,472 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/04/12 13:39:55 | 000,920,472 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2013/04/09 04:57:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2013/04/09 04:57:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/04/09 04:57:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2013/04/09 04:57:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.JEALA7WR76LYENLFJO2ZDOJY6I\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Micky\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2013/04/09 04:57:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.JEALA7WR76LYENLFJO2ZDOJY6I\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Micky\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2013/04/09 04:57:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.JEALA7WR76LYENLFJO2ZDOJY6I\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Micky\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/04/09 04:57:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.JEALA7WR76LYENLFJO2ZDOJY6I\shell\open\command\\: "C:\Documents and Settings\Micky\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2013/04/09 04:57:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2013/03/01 21:08:48 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2013/03/01 21:08:48 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2013/03/01 21:08:48 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %ProgramFiles%\WINDOWS NT\*.* /s >
[2008/04/14 05:42:18 | 000,539,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\dialer.exe
[2004/08/10 07:00:00 | 000,013,312 | ---- | M] (Hilgraeve, Inc.) -- C:\Program Files\WINDOWS NT\htrn_jis.dll
[2004/08/10 07:00:00 | 000,028,160 | ---- | M] (Hilgraeve, Inc.) -- C:\Program Files\WINDOWS NT\hypertrm.exe
[2009/11/20 07:14:51 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\mswrd6.wpc
[2010/12/21 08:51:53 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\mswrd8.wpc
[2010/07/12 08:55:03 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\wordpad.exe
[2009/11/20 07:14:50 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\write.wpc
[2004/08/10 07:00:00 | 000,003,947 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\FONT.DAT
[2004/08/10 07:00:00 | 000,928,700 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\PINBALL.DAT
[2008/04/14 05:42:32 | 000,281,088 | ---- | M] (Cinematronics) -- C:\Program Files\WINDOWS NT\Pinball\pinball.exe
[2004/08/10 07:00:00 | 000,108,607 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\PINBALL.MID
[2004/08/10 07:00:00 | 000,028,888 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\PINBALL2.MID
[2004/08/10 07:00:00 | 000,055,490 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND1.WAV
[2004/08/10 07:00:00 | 000,001,226 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND104.WAV
[2004/08/10 07:00:00 | 000,001,968 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND105.WAV
[2004/08/10 07:00:00 | 000,007,754 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND108.WAV
[2004/08/10 07:00:00 | 000,000,890 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND111.WAV
[2004/08/10 07:00:00 | 000,000,824 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND112.WAV
[2004/08/10 07:00:00 | 000,004,296 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND12.WAV
[2004/08/10 07:00:00 | 000,008,034 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND13.WAV
[2004/08/10 07:00:00 | 000,001,290 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND131.WAV
[2004/08/10 07:00:00 | 000,019,282 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND136.WAV
[2004/08/10 07:00:00 | 000,003,002 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND14.WAV
[2004/08/10 07:00:00 | 000,001,046 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND16.WAV
[2004/08/10 07:00:00 | 000,002,090 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND17.WAV
[2004/08/10 07:00:00 | 000,003,986 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND18.WAV
[2004/08/10 07:00:00 | 000,027,472 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND181.WAV
[2004/08/10 07:00:00 | 000,005,230 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND19.WAV
[2004/08/10 07:00:00 | 000,008,650 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND20.WAV
[2004/08/10 07:00:00 | 000,009,194 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND21.WAV
[2004/08/10 07:00:00 | 000,007,376 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND22.WAV
[2004/08/10 07:00:00 | 000,012,106 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND24.WAV
[2004/08/10 07:00:00 | 000,014,600 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND240.WAV
[2004/08/10 07:00:00 | 000,020,712 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND243.WAV
[2004/08/10 07:00:00 | 000,025,704 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND25.WAV
[2004/08/10 07:00:00 | 000,007,306 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND26.WAV
[2004/08/10 07:00:00 | 000,020,242 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND27.WAV
[2004/08/10 07:00:00 | 000,008,650 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND28.WAV
[2004/08/10 07:00:00 | 000,010,364 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND29.WAV
[2004/08/10 07:00:00 | 000,022,858 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND3.WAV
[2004/08/10 07:00:00 | 000,022,570 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND30.WAV
[2004/08/10 07:00:00 | 000,001,520 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND34.WAV
[2004/08/10 07:00:00 | 000,019,498 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND35.WAV
[2004/08/10 07:00:00 | 000,033,848 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND36.WAV
[2004/08/10 07:00:00 | 000,013,024 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND38.WAV
[2004/08/10 07:00:00 | 000,028,282 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND39.WAV
[2004/08/10 07:00:00 | 000,016,626 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND4.WAV
[2004/08/10 07:00:00 | 000,029,140 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND42.WAV
[2004/08/10 07:00:00 | 000,022,796 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND43.WAV
[2004/08/10 07:00:00 | 000,009,770 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND45.WAV
[2004/08/10 07:00:00 | 000,001,876 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND49.WAV
[2004/08/10 07:00:00 | 000,003,330 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND49D.WAV
[2004/08/10 07:00:00 | 000,003,180 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND5.WAV
[2004/08/10 07:00:00 | 000,012,074 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND50.WAV
[2004/08/10 07:00:00 | 000,008,932 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND528.WAV
[2004/08/10 07:00:00 | 000,009,022 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND53.WAV
[2004/08/10 07:00:00 | 000,018,250 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND54.WAV
[2004/08/10 07:00:00 | 000,021,890 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND55.WAV
[2004/08/10 07:00:00 | 000,029,004 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND560.WAV
[2004/08/10 07:00:00 | 000,024,192 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND563.WAV
[2004/08/10 07:00:00 | 000,030,502 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND57.WAV
[2004/08/10 07:00:00 | 000,003,408 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND58.WAV
[2004/08/10 07:00:00 | 000,004,376 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND6.WAV
[2004/08/10 07:00:00 | 000,017,676 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND65.WAV
[2004/08/10 07:00:00 | 000,032,402 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND68.WAV
[2004/08/10 07:00:00 | 000,026,442 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND7.WAV
[2004/08/10 07:00:00 | 000,014,592 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND713.WAV
[2004/08/10 07:00:00 | 000,027,268 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND735.WAV
[2004/08/10 07:00:00 | 000,002,102 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND8.WAV
[2004/08/10 07:00:00 | 000,047,230 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND827.WAV
[2004/08/10 07:00:00 | 000,020,098 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND9.WAV
[2004/08/10 07:00:00 | 000,006,742 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND999.WAV
[2004/08/10 07:00:00 | 000,339,178 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\table.bmp
[2004/08/10 07:00:00 | 000,002,687 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\wavemix.inf

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >
















anddddddddddddddd

OTL Extras logfile created on: 4/26/2013 7:50:01 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Elaine\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 46.93% Memory free
3.35 Gb Paging File | 2.00 Gb Available in Paging File | 59.78% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 56.42 Gb Free Space | 24.73% Space Free | Partition Type: NTFS
Drive T: | 931.28 Gb Total Space | 48.75 Gb Free Space | 5.23% Space Free | Partition Type: FAT32

Computer Name: FAMILY | User Name: Elaine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = jsfile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"12548:TCP" = 12548:TCP:*:Enabled:BitComet 12548 TCP
"12548:UDP" = 12548:UDP:*:Enabled:BitComet 12548 UDP
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"50000:UDP" = 50000:UDP:*:Enabled:IHA_MessageCenter

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Ericom Software\PowerTerm WebConnect 5.6\151.203.99.51\ptermX.exe" = C:\Program Files\Ericom Software\PowerTerm WebConnect 5.6\151.203.99.51\ptermX.exe:*:Enabled:PowerTerm WebConnect HostView -- (Ericom Software)
"C:\Program Files\NovaLogic\Delta Force Xtreme 2 BETA\DFX2BETA.EXE" = C:\Program Files\NovaLogic\Delta Force Xtreme 2 BETA\DFX2BETA.EXE:*:Enabled:Delta Force Xtreme 2 BETA
"C:\Program Files\NovaLogic\Delta Force Xtreme 2 BETA\UPDATE.EXE" = C:\Program Files\NovaLogic\Delta Force Xtreme 2 BETA\UPDATE.EXE:*:Enabled:Delta Force Xtreme 2 BETA
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0D25F7CC-B99C-44ee-9945-B14532B2BB7B}" = Canon MP830
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{219CB444-F2B6-4A17-8A76-BB7847F3DB26}" = Sony DVD Architect 4.0
"{24A71701-4BFD-4228-97B3-7D739195EC67}" = Walmart Digital Photo Manager
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.6.2.4902
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{40D36ECF-FA05-4077-B836-C439CD0DDEF1}" = Vz In Home Agent
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{46D96745-1556-4266-B46F-4BA0277708B5}" = Sony Media Manager 2.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{80813829-BE27-4799-8BC7-2F75A7B6CB50}" = IHA_MessageCenter
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6558E2A-FAF9-4570-AA49-6328D0354517}" = SavetheChildren Reminder by We-Care.com v4.1.21.4
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3D20E33-58AF-4CC3-954D-302D66A59FDD}" = Sony Vegas 7.0
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C79312BD-3E76-4474-A10C-1435D1856A4B}" = Adobe Dreamweaver CS5
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.365
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Google
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EFD9D95A-D2CB-403C-9B52-B070B8EC2BF1}" = Oriens RAWConverter
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"7-Zip" = 7-Zip 9.20
"7-Zip 9.20" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIM Search" = AIM Search
"ATI Display Driver" = ATI Display Driver
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CobBackup9" = Cobian Backup 9
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CrossLoop_is1" = CrossLoop 2.75
"Cyberduck" = Cyberduck 4.2.1 (9350)
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ESPNMotion" = ESPNMotion
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{EFD9D95A-D2CB-403C-9B52-B070B8EC2BF1}" = Oriens RAWConverter
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyTomTom" = MyTomTom 3.1.0.530
"Nero - Burning Rom" = Nero - Burning Rom
"Nero - Burning Rom!UninstallKey" = Ahead Nero - Burning Rom
"NIS" = Norton Internet Security
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NST" = Norton Safe Web Lite
"PC Optimizer Pro" = PC Optimizer Pro
"Picasa2" = Picasa 2
"PROSet" = Intel® PRO Network Connections Drivers
"RealPlayer 6.0" = RealPlayer Basic
"SendToKindle" = Amazon Send to Kindle
"Smart Defrag 2_is1" = Smart Defrag 2
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Speccy" = Speccy
"Trials Construction Yard" = Trials Construction Yard (remove only)
"Verizon Help and Support" = Verizon Help and Support Tool
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/22/2013 3:02:04 AM | Computer Name = FAMILY | Source = MsiInstaller | ID = 11714
Description = Product: Microsoft Visual C++ 2005 Redistributable -- Error 1714.The
older version of Microsoft Visual C++ 2005 Redistributable cannot be removed.
Contact your technical support group. System Error 1612.

Error - 4/22/2013 3:02:04 AM | Computer Name = FAMILY | Source = MsiInstaller | ID = 11714
Description = Product: Microsoft Visual C++ 2005 Redistributable -- Error 1714.The
older version of Microsoft Visual C++ 2005 Redistributable cannot be removed.
Contact your technical support group. System Error 1612.

Error - 4/23/2013 3:07:35 AM | Computer Name = FAMILY | Source = MsiInstaller | ID = 11714
Description = Product: Microsoft Visual C++ 2005 Redistributable -- Error 1714.The
older version of Microsoft Visual C++ 2005 Redistributable cannot be removed.
Contact your technical support group. System Error 1612.

Error - 4/23/2013 3:07:36 AM | Computer Name = FAMILY | Source = MsiInstaller | ID = 11714
Description = Product: Microsoft Visual C++ 2005 Redistributable -- Error 1714.The
older version of Microsoft Visual C++ 2005 Redistributable cannot be removed.
Contact your technical support group. System Error 1612.

Error - 4/24/2013 3:01:43 AM | Computer Name = FAMILY | Source = MsiInstaller | ID = 11714
Description = Product: Microsoft Visual C++ 2005 Redistributable -- Error 1714.The
older version of Microsoft Visual C++ 2005 Redistributable cannot be removed.
Contact your technical support group. System Error 1612.

Error - 4/24/2013 3:01:43 AM | Computer Name = FAMILY | Source = MsiInstaller | ID = 11714
Description = Product: Microsoft Visual C++ 2005 Redistributable -- Error 1714.The
older version of Microsoft Visual C++ 2005 Redistributable cannot be removed.
Contact your technical support group. System Error 1612.

Error - 4/25/2013 3:02:03 AM | Computer Name = FAMILY | Source = MsiInstaller | ID = 11714
Description = Product: Microsoft Visual C++ 2005 Redistributable -- Error 1714.The
older version of Microsoft Visual C++ 2005 Redistributable cannot be removed.
Contact your technical support group. System Error 1612.

Error - 4/25/2013 3:02:03 AM | Computer Name = FAMILY | Source = MsiInstaller | ID = 11714
Description = Product: Microsoft Visual C++ 2005 Redistributable -- Error 1714.The
older version of Microsoft Visual C++ 2005 Redistributable cannot be removed.
Contact your technical support group. System Error 1612.

Error - 4/26/2013 3:02:54 AM | Computer Name = FAMILY | Source = MsiInstaller | ID = 11714
Description = Product: Microsoft Visual C++ 2005 Redistributable -- Error 1714.The
older version of Microsoft Visual C++ 2005 Redistributable cannot be removed.
Contact your technical support group. System Error 1612.

Error - 4/26/2013 3:02:54 AM | Computer Name = FAMILY | Source = MsiInstaller | ID = 11714
Description = Product: Microsoft Visual C++ 2005 Redistributable -- Error 1714.The
older version of Microsoft Visual C++ 2005 Redistributable cannot be removed.
Contact your technical support group. System Error 1612.

[ System Events ]
Error - 4/26/2013 4:10:58 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7023
Description = The Remote Access Connection Manager service terminated with the following
error: %%193

Error - 4/26/2013 4:10:59 PM | Computer Name = FAMILY | Source = Rasman | ID = 20063
Description = Remote Access Connection Manager failed to start because the Point
to Point Protocol failed to initialize. %1 is not a valid Win32 application.

Error - 4/26/2013 4:10:59 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7023
Description = The Remote Access Connection Manager service terminated with the following
error: %%193

Error - 4/26/2013 4:11:01 PM | Computer Name = FAMILY | Source = Rasman | ID = 20063
Description = Remote Access Connection Manager failed to start because the Point
to Point Protocol failed to initialize. %1 is not a valid Win32 application.

Error - 4/26/2013 4:11:01 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7023
Description = The Remote Access Connection Manager service terminated with the following
error: %%193

Error - 4/26/2013 4:11:01 PM | Computer Name = FAMILY | Source = Rasman | ID = 20063
Description = Remote Access Connection Manager failed to start because the Point
to Point Protocol failed to initialize. %1 is not a valid Win32 application.

Error - 4/26/2013 7:27:41 PM | Computer Name = FAMILY | Source = Rasman | ID = 20063
Description = Remote Access Connection Manager failed to start because the Point
to Point Protocol failed to initialize. %1 is not a valid Win32 application.

Error - 4/26/2013 7:27:42 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7023
Description = The Remote Access Connection Manager service terminated with the following
error: %%193

Error - 4/26/2013 7:27:42 PM | Computer Name = FAMILY | Source = Rasman | ID = 20063
Description = Remote Access Connection Manager failed to start because the Point
to Point Protocol failed to initialize. %1 is not a valid Win32 application.

Error - 4/26/2013 7:27:43 PM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7023
Description = The Remote Access Connection Manager service terminated with the following
error: %%193


< End of report >

Edited by m125xsx, 26 April 2013 - 06:22 PM.

  • 0

#48
RKinner
Posted 26 April 2013 - 11:49 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Don't see an attachment. Do see you tried to remove McAfee and install Symantec. As usual McAfee did not remove cleanly.

Download and save the McAfee Removal tool
http://download.mcaf...atches/MCPR.exe
run the tool by double clicking.




Download the adwCleaner

  • Run the Tool
    Windows Vista and Windows 7 users:
    Right click in the adwCleaner.exe and select the option     Posted Image
  • Select the Delete button.
  • When the scan completes, it will open a notepad windows.
  • Please, copy the content of this file in your next reply.


Start, Run, services.msc, OK find the Remote Access Connection Manager service and right click and select Properties. Change the Startup Type: to Manual and then OK.


Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Also run OTL as before and paste both logs.

Ron
  • 0

#49
m125xsx
Posted 04 June 2013 - 05:09 PM

m125xsx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 96 posts
MCAFEE CLEANUP
June 04, 2013 18:56:34
June 04, 2013 19:03:38
INFO Cleanup finished running using Task Scheduler.
FAIL The products were not successfully removed by the scheduled cleanup.

Please see the attached file for the full log.

Attached Files


  • 0

#50
m125xsx
Posted 04 June 2013 - 05:33 PM

m125xsx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 96 posts
# AdwCleaner v2.301 - Logfile created 06/04/2013 at 18:58:19
# Updated 16/05/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Elaine - FAMILY
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Elaine\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Yontoo Desktop Updater

***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\ztj9qtka.default\searchplugins\safesearch.xml
File Deleted : C:\Documents and Settings\Megan\Application Data\Mozilla\Firefox\Profiles\9b3t8r0b.default\searchplugins\safesearch.xml
File Deleted : C:\Documents and Settings\Micky\Application Data\Mozilla\Firefox\Profiles\vti94ul8.default\searchplugins\safesearch.xml
Folder Deleted : C:\Documents and Settings\All Users\Application Data\APN
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\All Users\Application Data\WeCareReminder
Folder Deleted : C:\Documents and Settings\Elaine\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\Elaine\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Megan\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\Megan\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Megan\Local Settings\Application Data\ConduitEngine
Folder Deleted : C:\Documents and Settings\Micky\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\Micky\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Micky\Local Settings\Application Data\ConduitEngine
Folder Deleted : C:\Documents and Settings\Micky\Local Settings\Application Data\Zoom_Downloader
Folder Deleted : C:\Documents and Settings\Mike\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\Mike\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Mike\Local Settings\Application Data\ConduitEngine
Folder Deleted : C:\Documents and Settings\TEMP.D4K48M91\Application Data\Mozilla\Firefox\Profiles\8f005d3h.default\extensions\[email protected]
Folder Deleted : C:\Documents and Settings\TEMP.D4K48M91\Application Data\Mozilla\Firefox\Profiles\8f005d3h.default\extensions\staged
Folder Deleted : C:\Documents and Settings\TEMP.D4K48M91\Application Data\Mozilla\Firefox\Profiles\8f005d3h.default\extensions\wecarereminder@bryan
Folder Deleted : C:\Documents and Settings\TEMP.D4K48M91\Application Data\Yontoo
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\Program Files\Yontoo

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2856416
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\pc optimizer pro
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pc optimizer pro
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
Key Deleted : HKLM\Software\pc optimizer pro
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Documents and Settings\Micky\Application Data\Mozilla\Firefox\Profiles\vti94ul8.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\ztj9qtka.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\TEMP.D4K48M91\Application Data\Mozilla\Firefox\Profiles\8f005d3h.default\prefs.js

C:\Documents and Settings\TEMP.D4K48M91\Application Data\Mozilla\Firefox\Profiles\8f005d3h.default\user.js ... Deleted !

Deleted : user_pref("extensions.wecarereminder.merchHash", "{\"AFFILIATES\":{\"1-Sale-A-Day\":{\"name\":\"1 Sa[...]

File : C:\Documents and Settings\Megan\Application Data\Mozilla\Firefox\Profiles\9b3t8r0b.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\lm09n896.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.94

File : C:\Documents and Settings\Micky\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Megan\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [8321 octets] - [04/06/2013 18:58:19]

########## EOF - C:\AdwCleaner[S1].txt - [8381 octets] ##########
  • 0

#51
m125xsx
Posted 04 June 2013 - 07:40 PM

m125xsx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 96 posts
Vino's Event Viewer v01c run on Windows XP in English
Report run at 04/06/2013 9:39:32 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 04/06/2013 9:37:41 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Remote Access Connection Manager service terminated with the following error: %1 is not a valid Win32 application.

Log: 'System' Date/Time: 04/06/2013 9:37:41 PM
Type: error Category: 0
Event: 20063 Source: Rasman
Remote Access Connection Manager failed to start because the Point to Point Protocol failed to initialize. %1 is not a valid Win32 application.

Log: 'System' Date/Time: 04/06/2013 9:37:40 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Remote Access Connection Manager service terminated with the following error: %1 is not a valid Win32 application.

Log: 'System' Date/Time: 04/06/2013 9:37:40 PM
Type: error Category: 0
Event: 20063 Source: Rasman
Remote Access Connection Manager failed to start because the Point to Point Protocol failed to initialize. %1 is not a valid Win32 application.

Log: 'System' Date/Time: 04/06/2013 9:37:36 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Remote Access Connection Manager service terminated with the following error: %1 is not a valid Win32 application.

Log: 'System' Date/Time: 04/06/2013 9:37:36 PM
Type: error Category: 0
Event: 20063 Source: Rasman
Remote Access Connection Manager failed to start because the Point to Point Protocol failed to initialize. %1 is not a valid Win32 application.

Log: 'System' Date/Time: 04/06/2013 9:37:28 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Remote Access Connection Manager service terminated with the following error: %1 is not a valid Win32 application.

Log: 'System' Date/Time: 04/06/2013 9:37:28 PM
Type: error Category: 0
Event: 20063 Source: Rasman
Remote Access Connection Manager failed to start because the Point to Point Protocol failed to initialize. %1 is not a valid Win32 application.

Log: 'System' Date/Time: 04/06/2013 9:37:16 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Remote Access Connection Manager service terminated with the following error: %1 is not a valid Win32 application.

Log: 'System' Date/Time: 04/06/2013 9:37:16 PM
Type: error Category: 0
Event: 20063 Source: Rasman
Remote Access Connection Manager failed to start because the Point to Point Protocol failed to initialize. %1 is not a valid Win32 application.

Log: 'System' Date/Time: 04/06/2013 9:36:55 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Remote Access Connection Manager service terminated with the following error: %1 is not a valid Win32 application.

Log: 'System' Date/Time: 04/06/2013 9:36:55 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Remote Access Connection Manager service terminated with the following error: %1 is not a valid Win32 application.

Log: 'System' Date/Time: 04/06/2013 9:36:55 PM
Type: error Category: 0
Event: 20063 Source: Rasman
Remote Access Connection Manager failed to start because the Point to Point Protocol failed to initialize. %1 is not a valid Win32 application.

Log: 'System' Date/Time: 04/06/2013 9:36:55 PM
Type: error Category: 0
Event: 20063 Source: Rasman
Remote Access Connection Manager failed to start because the Point to Point Protocol failed to initialize. %1 is not a valid Win32 application.

Log: 'System' Date/Time: 04/06/2013 9:36:48 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Remote Access Connection Manager service terminated with the following error: %1 is not a valid Win32 application.

Log: 'System' Date/Time: 04/06/2013 9:36:48 PM
Type: error Category: 0
Event: 20063 Source: Rasman
Remote Access Connection Manager failed to start because the Point to Point Protocol failed to initialize. %1 is not a valid Win32 application.

Log: 'System' Date/Time: 04/06/2013 9:36:46 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Remote Access Connection Manager service terminated with the following error: %1 is not a valid Win32 application.

Log: 'System' Date/Time: 04/06/2013 9:36:46 PM
Type: error Category: 0
Event: 20063 Source: Rasman
Remote Access Connection Manager failed to start because the Point to Point Protocol failed to initialize. %1 is not a valid Win32 application.

Log: 'System' Date/Time: 04/06/2013 9:36:45 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The Remote Access Connection Manager service terminated with the following error: %1 is not a valid Win32 application.

Log: 'System' Date/Time: 04/06/2013 9:36:45 PM
Type: error Category: 0
Event: 20063 Source: Rasman
Remote Access Connection Manager failed to start because the Point to Point Protocol failed to initialize. %1 is not a valid Win32 application.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#52
m125xsx
Posted 04 June 2013 - 08:09 PM

m125xsx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 96 posts
OTL logfile created on: 6/4/2013 9:46:21 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Elaine\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.54 Gb Available Physical Memory | 26.86% Memory free
3.35 Gb Paging File | 2.00 Gb Available in Paging File | 59.70% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 48.19 Gb Free Space | 21.13% Space Free | Partition Type: NTFS
Drive T: | 931.28 Gb Total Space | 13.01 Gb Free Space | 1.40% Space Free | Partition Type: FAT32

Computer Name: FAMILY | User Name: Elaine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/04 21:44:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elaine\Desktop\OTL.exe
PRC - [2013/05/10 00:43:24 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Update\1.3.21.145\GoogleCrashHandler.exe
PRC - [2013/05/02 03:00:48 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
PRC - [2013/03/14 07:44:18 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/02/05 01:18:40 | 000,894,344 | ---- | M] (Autodesk, Inc.) -- C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
PRC - [2013/01/26 07:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Documents and Settings\Elaine\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2012/12/13 17:37:26 | 000,012,288 | ---- | M] (Autodesk, Inc.) -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2012/08/28 07:41:08 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012/08/28 07:41:06 | 000,247,768 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2012/08/03 16:22:18 | 000,352,248 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2011/11/14 07:02:04 | 000,435,672 | ---- | M] (TomTom) -- C:\Program Files\MyTomTom 3\MyTomTomSA.exe
PRC - [2011/08/25 10:35:18 | 001,584,472 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
PRC - [2011/04/07 13:49:08 | 000,560,880 | ---- | M] (CrossLoop Inc) -- C:\Documents and Settings\Elaine\Local Settings\Application Data\CrossLoop\CrossLoopService.exe
PRC - [2010/11/23 22:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
PRC - [2010/03/24 15:42:10 | 000,599,328 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/03/17 16:55:42 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Verizon\McciTrayApp.exe
PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/01/22 12:38:32 | 002,749,952 | ---- | M] (Luis Cobian) -- C:\Program Files\Cobian Backup 9\cbInterface.exe
PRC - [2009/01/22 12:38:26 | 000,579,584 | ---- | M] (Luis Cobian) -- C:\Program Files\Cobian Backup 9\Cobian.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/20 21:18:32 | 000,366,400 | ---- | M] (Google Inc.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe
PRC - [2005/03/23 01:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/30 05:31:54 | 001,223,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\efd6c3dbf1452513cec499472039e552\System.WorkflowServices.ni.dll
MOD - [2013/05/30 05:28:09 | 001,086,464 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\43ac84e019b1aea6798956c8208b88a0\System.ServiceModel.Web.ni.dll
MOD - [2013/05/30 05:25:08 | 001,925,632 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Web.Services\d18187c762448a468078994d91a82d3f\System.Web.Services.ni.dll
MOD - [2013/05/25 22:14:29 | 000,369,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\f48df2def4ab7adbec177d09304fa968\System.ServiceModel.Routing.ni.dll
MOD - [2013/05/25 22:14:14 | 001,140,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\4ed7a5c1d17eddc7c6865387ebf87d78\System.ServiceModel.Discovery.ni.dll
MOD - [2013/05/25 22:14:08 | 000,082,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\66014008c2c7c93083d339eca8968599\System.ServiceModel.Channels.ni.dll
MOD - [2013/05/25 22:10:41 | 001,392,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\6f524046ef7bf850ea8c04e8d28cca9e\System.ServiceModel.Activities.ni.dll
MOD - [2013/05/25 22:09:15 | 001,072,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\5331e2a2a540741ff7e059325f09d71d\System.IdentityModel.ni.dll
MOD - [2013/05/25 22:08:31 | 018,058,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\33b7825dee4531fc1965e688ddd7206f\System.ServiceModel.ni.dll
MOD - [2013/05/25 21:26:43 | 001,021,952 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\74eb82c680dbf0e552dd4778ca62b991\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/05/25 21:25:35 | 000,143,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\0a85abdf3bfc97adf0e3f9bd9d3e4cd5\SMDiagnostics.ni.dll
MOD - [2013/05/25 21:24:20 | 002,647,040 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8656217a821305f331b04ee380315960\System.Runtime.Serialization.ni.dll
MOD - [2013/05/25 21:23:33 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\c7987c235dbaa3b715f4d155cb94092c\System.ServiceProcess.ni.dll
MOD - [2013/05/25 21:13:43 | 000,787,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\54535b4632ee5a94bdee7552e944fd2c\System.EnterpriseServices.ni.dll
MOD - [2013/05/25 21:13:40 | 000,236,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\54535b4632ee5a94bdee7552e944fd2c\System.EnterpriseServices.Wrapper.dll
MOD - [2013/05/25 21:12:43 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\a44ea3e58dc5333207ff25a4a6833970\System.Transactions.ni.dll
MOD - [2013/05/25 20:02:56 | 006,811,136 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\246e0a6c6fc887ca9c75e200dc3fab61\System.Data.ni.dll
MOD - [2013/05/25 19:56:01 | 005,617,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\1ddf7032142b70afe2f596fae69d4b04\System.Xml.ni.dll
MOD - [2013/05/25 19:54:29 | 000,982,528 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\583307be6bc4d91abb047cb583095854\System.Configuration.ni.dll
MOD - [2013/05/25 19:47:40 | 007,069,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a3d212974e24a90bae285273793fcfa5\System.Core.ni.dll
MOD - [2013/05/25 19:46:21 | 009,091,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\9ad2158ac8d14333d1eee1118951fb88\System.ni.dll
MOD - [2013/05/15 03:43:22 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\17440cd05eee7f87026b3c17119eed58\System.Configuration.ni.dll
MOD - [2013/05/15 03:28:22 | 000,069,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2013/02/14 04:38:52 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll
MOD - [2013/02/05 00:21:38 | 000,744,992 | ---- | M] () -- C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll
MOD - [2013/02/05 00:21:38 | 000,106,016 | ---- | M] () -- C:\Program Files\Autodesk\Autodesk Sync\QJson.dll
MOD - [2013/02/05 00:21:38 | 000,049,184 | ---- | M] () -- C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll
MOD - [2013/02/05 00:21:38 | 000,039,456 | ---- | M] () -- C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll
MOD - [2013/01/09 04:40:33 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll
MOD - [2013/01/09 04:38:05 | 000,220,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3283b562a391db4f3f6dcee754de15a8\CustomMarshalers.ni.dll
MOD - [2013/01/09 04:35:06 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013/01/09 04:31:32 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013/01/09 04:30:51 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2013/01/02 02:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2012/10/23 03:37:07 | 014,407,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll
MOD - [2011/11/14 07:02:08 | 000,202,712 | ---- | M] () -- C:\Program Files\MyTomTom 3\TomTomSupporterProxy.dll
MOD - [2011/11/14 07:02:06 | 000,063,960 | ---- | M] () -- C:\Program Files\MyTomTom 3\TomTomSupporterBase.dll
MOD - [2011/11/14 07:01:52 | 007,964,160 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtGui4.dll
MOD - [2011/11/14 07:01:52 | 002,648,064 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtXmlPatterns4.dll
MOD - [2011/11/14 07:01:52 | 002,302,464 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtCore4.dll
MOD - [2011/11/14 07:01:52 | 000,980,480 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtNetwork4.dll
MOD - [2011/11/14 07:01:52 | 000,357,888 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtXml4.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/19 16:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2013/05/26 00:06:38 | 001,064,312 | ---- | M] (Flexera Software LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FlexNet Licensing Service)
SRV - [2013/04/12 13:39:50 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/14 07:44:18 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/12/13 17:37:26 | 000,012,288 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2012/08/28 07:41:08 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012/08/03 16:22:18 | 000,352,248 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/05/25 15:14:34 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe -- (NIS)
SRV - [2011/04/07 13:49:08 | 000,560,880 | ---- | M] (CrossLoop Inc) [Auto | Running] -- C:\Documents and Settings\Elaine\Local Settings\Application Data\CrossLoop\CrossLoopService.exe -- (CrossLoopService)
SRV - [2010/11/23 22:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe -- (NSL)
SRV - [2010/07/21 08:50:26 | 000,814,080 | ---- | M] (GlavSoft LLC.) [On_Demand | Stopped] -- C:\Documents and Settings\Elaine\Local Settings\Application Data\CrossLoop\tvnserver.exe -- (tvnserver)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2002/12/17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002/12/17 17:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/05/31 12:58:19 | 001,002,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20130531.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/05/21 23:55:45 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20130604.016\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/05/21 23:55:43 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20130604.016\NAVENG.SYS -- (NAVENG)
DRV - [2012/09/06 04:54:30 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20130604.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/08/09 01:16:48 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/09 01:16:48 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/06/19 12:33:51 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/20 21:37:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\symtdi.sys -- (SYMTDI)
DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\srtsp.sys -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\srtspx.sys -- (SRTSPX)
DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\symefa.sys -- (SymEFA)
DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\symds.sys -- (SymDS)
DRV - [2011/01/27 01:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1207020.003\ironx86.sys -- (SymIRON)
DRV - [2010/11/26 18:02:52 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/03/09 03:32:20 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/11/16 23:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/08/04 06:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co...=en&client=dell
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = {D2725E4A-E1D9-4934-B4EF-B88C2E11BE59}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1A417E79-D2EA-4EFF-B9E1-1099C9CE047A}: "URL" = http://search.lycos....y={searchTerms}
IE - HKCU\..\SearchScopes\{3A619F7A-75CC-45EC-BB37-9BEDB768097F}: "URL" = http://www.ask.com/w...src=0&o=0&l=dir
IE - HKCU\..\SearchScopes\{3DD36F8E-0564-4605-80BA-735004AF7ED6}: "URL" = http://search.yahoo....ei=utf-8&fr=ie8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{D2725E4A-E1D9-4934-B4EF-B88C2E11BE59}: "URL" = http://www.google.co...&rlz=1I7DAUS_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.4.3
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.6\coFFNST\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2012/02/15 16:05:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2 [2013/06/04 19:40:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/12 13:40:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/12 13:38:00 | 000,000,000 | ---D | M]

[2012/05/16 14:45:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Extensions
[2012/05/16 14:45:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Extensions\[email protected]
[2012/12/16 21:03:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\ztj9qtka.default\extensions
[2012/03/08 20:14:52 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\ztj9qtka.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013/04/12 13:37:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/06/03 08:06:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions
[2013/06/03 08:06:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/04/12 13:39:55 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/03/02 12:43:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/03/02 12:43:52 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: IGN Download Manager Plug-in (Enabled) = C:\Program Files\Download Manager\npfpdlm.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: We-Care.com Reminder = C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.34_0\
CHR - Extension: Gmail = C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2010/12/18 20:36:45 | 000,304,978 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10574 more lines...
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - No CLSID value found.
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll (Google)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Cobian Backup 9] C:\Program Files\Cobian Backup 9\Cobian.exe (Luis Cobian)
O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup File not found
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKCU..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Elaine\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork File not found
O4 - HKCU..\Run: [MyTomTomSA.exe] C:\Program Files\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...C_2.3.9.113.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1237941841015 (MUWebControl Class)
O16 - DPF: {7EC816D4-6FC3-4C58-A7DA-A770EE461602} http://151.203.99.51...tdownloader.cab (PowerTerm Downloader Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D28C2859-327F-41C7-AAE1-59518EA44194}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Elaine\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Elaine\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/05/25 17:42:03 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2005/08/16 06:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/11/05 13:19:36 | 000,000,052 | RHS- | M] () - T:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010/10/18 14:11:58 | 000,000,000 | ---D | M] - T:\autorun -- [ FAT32 ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\T\Shell\AutoRun\command - "" = T:\Setup.exe -- [2008/12/03 13:38:50 | 000,319,488 | ---- | M] (Western Digital Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/04 21:46:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elaine\Desktop\Misc Items
[2013/06/04 21:44:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Elaine\Desktop\OTL.exe
[2013/05/29 20:13:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elaine\Local Settings\Application Data\cache
[2013/05/29 20:05:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2013/05/26 02:53:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FARO
[2013/05/26 01:39:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elaine\My Documents\Autodesk
[2013/05/26 01:27:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elaine\My Documents\Inventor Server SDK ACA 2014
[2013/05/26 00:06:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2013/05/25 22:54:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Autodesk
[2013/05/25 22:47:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elaine\Local Settings\Application Data\Autodesk
[2013/05/25 21:24:11 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2013/05/25 21:11:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Autodesk
[2013/05/25 21:03:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2013/05/25 18:11:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elaine\Application Data\Autodesk
[2013/05/25 18:11:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2013/05/25 17:42:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elaine\Local Settings\Application Data\Akamai
[2013/05/25 17:33:40 | 000,000,000 | ---D | C] -- C:\Autodesk
[2013/05/16 15:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Sun
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Elaine\My Documents\*.tmp files -> C:\Documents and Settings\Elaine\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/04 21:55:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3210623809-1460878786-38797900-1005UA.job
[2013/06/04 21:48:02 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3210623809-1460878786-38797900-1006UA.job
[2013/06/04 21:44:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elaine\Desktop\OTL.exe
[2013/06/04 21:08:06 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/04 19:58:27 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/04 19:58:27 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\PC Optimizer Pro startups.job
[2013/06/04 19:58:27 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2013/06/04 19:55:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3210623809-1460878786-38797900-1005Core.job
[2013/06/04 19:39:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/04 19:10:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Schedule.job
[2013/06/04 11:00:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\PC Optimizer Pro Scan.job
[2013/06/04 02:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-D4K48M91-Micky.job
[2013/06/04 00:48:03 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3210623809-1460878786-38797900-1006Core.job
[2013/06/03 22:00:00 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2013/06/03 21:47:42 | 000,400,075 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\drawing test.dwg
[2013/06/03 17:27:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\PC Optimizer Pro Updates.job
[2013/05/30 21:36:59 | 000,002,419 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vz In-Home Agent.lnk
[2013/05/30 13:28:57 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/05/30 04:22:14 | 000,521,944 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/30 04:22:14 | 000,096,652 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/29 19:41:18 | 000,238,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/05/29 07:09:02 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/05/26 02:52:43 | 000,001,806 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Autodesk ReCap.lnk
[2013/05/26 02:42:42 | 000,003,896 | ---- | M] () -- C:\{CB75EBC0-B827-4556-A39B-4DB8BBE91D83}
[2013/05/26 02:22:29 | 000,001,770 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Autodesk 360.lnk
[2013/05/26 01:50:58 | 000,002,093 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD Architecture 2014 - English (Global).lnk
[2013/05/26 00:09:16 | 000,000,147 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2013/05/23 20:04:41 | 000,002,311 | ---- | M] () -- C:\Documents and Settings\Elaine\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/23 20:04:24 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\Google Chrome.lnk
[2013/05/15 03:36:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Elaine\My Documents\*.tmp files -> C:\Documents and Settings\Elaine\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/04 19:15:00 | 000,219,470 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/06/03 21:28:53 | 000,400,075 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\drawing test.dwg
[2013/05/26 02:52:27 | 000,001,806 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Autodesk ReCap.lnk
[2013/05/26 02:42:42 | 000,003,896 | ---- | C] () -- C:\{CB75EBC0-B827-4556-A39B-4DB8BBE91D83}
[2013/05/26 02:22:28 | 000,001,770 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Autodesk 360.lnk
[2013/05/26 01:50:57 | 000,002,093 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD Architecture 2014 - English (Global).lnk
[2013/05/26 00:09:16 | 000,000,147 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2013/01/05 20:47:33 | 000,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2012/06/13 13:55:22 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/02/14 23:34:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/18 19:17:50 | 000,025,944 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/10/18 19:16:50 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2010/12/17 17:27:33 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Elaine\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/24 20:32:55 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Elaine\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2005/08/16 06:39:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/09/22 11:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2009/03/24 20:49:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2013/05/29 20:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2009/03/26 13:51:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2013/01/05 20:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
[2005/08/16 22:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2013/05/26 02:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FARO
[2012/04/03 19:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/12/16 06:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/02/25 18:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
[2012/06/26 14:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2009/08/08 01:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2011/04/18 11:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2012/09/02 22:37:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009/04/22 18:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wal-Mart
[2009/03/24 22:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2011/07/29 21:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/06 20:41:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/04/04 11:07:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\acccore
[2013/05/29 20:11:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Autodesk
[2011/10/17 22:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Canon
[2013/04/13 14:43:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Dropbox
[2012/04/03 18:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\IObit
[2009/03/25 00:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Leadertech
[2013/02/02 15:43:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Publish Providers
[2013/02/02 16:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Sony
[2011/03/08 12:22:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\TechWizard
[2011/06/16 14:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Tific
[2012/05/16 14:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\TomTom
[2010/03/22 09:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Wal-Mart
[2012/02/15 19:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Wal-Mart Digital Photo Viewer

========== Purity Check ==========



< End of report >
  • 0

#53
RKinner
Posted 24 June 2013 - 07:36 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Sorry for the delay. Was on vacation.

"The Remote Access Connection Manager service terminated with the following error: %1 is not a valid Win32 application. " This error needs to be fixed.

Copy the next line:

reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasMan" /s > "%userprofile%\Desktop\junk.txt"

Start, Run, cmd , OK then right click and Paste or Edit then Paste and the copied line should appear. Hit Enter. Close the command window. You should see a file junk.txt on your desktop. Attach it to your next reply.

Ron
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP