Please check my HijackThis results ASAP! [Solved]


  • This topic is locked

#1
Joey23

  • Member
  • 16 posts
Hello,

My laptop was infected to the point I couldn't open any file. Then I took this advice of installing malware and HijackThis >> http://dynamicdrive....-backdoor-virus

I finished the malware program and removed all the threats.
I just did the HijackThis one and couldn't understand the results. Therefore I came here. Can someone PLEASE analyze my results and direct me what to do next?

Thank you in advance!

My results from HijackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:30:39 AM, on 15/03/2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Users\Joesphine\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\CVision\License\CVistaMonitor.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exe
C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Users\Joesphine\Desktop\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/14
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://suscopts.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/14
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim....3-AAA66749ACB8}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylo...s=1&affID=17393
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\IPS\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient_2.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: Quick Media Converter Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [ZumoDrive] "C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ZumoDrive] C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Joesphine\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: CVista Monitor.lnk = C:\Program Files (x86)\CVision\License\CVistaMonitor.exe
O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.c...s/ebraryRdr.cab
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (DNL Reader) - http://www.digitalwe...er/dbplugin.cab
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~3\GO36F4~1.DLL
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CVISION PdfCompressor Watched Folder Service (CVCompressionService) - CVISION Technologies - C:\Program Files (x86)\CVision\PdfCompressor 5.0\Service\CVCompressionService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: CVISION PdfCompressor Communication Service (PdfCompressorFtpService) - CVISION Technologies Inc. - C:\Program Files (x86)\CVision\PdfCompressor 5.0\ftpsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: RtVOsdService Installer (RtVOsdService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater14.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 17463 bytes

#2
Buddierdl

  • Trusted Helper
  • Malware Removal
  • 2,524 posts
Hello and welcome to Geeks to Go. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to always follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.

Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

Please note that I am currently in training as a GeekU Senior. My posts must be reviewed by an instructor, so there may be a slight delay.

Now that you are working with me, please refrain from running any fixes or scans that I don't instruct you to, as this will confuse my efforts.

HijackThis no longer provides enough information. Please download and run the scan below:


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please check the box next to Scan All Users.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.


#3
Joey23

  • Topic Starter
  • Member
  • 16 posts
Thank you very much for your time! I appreciate it! :)

I'm currently scanning it. Can I get back to you in 9 hours' time, as it is around 2:00am now where I live?
And sure, I won't try any other fixes or scans unless you prompt it.

Thank you once again.

#4
Joey23

  • Topic Starter
  • Member
  • 16 posts
hold on...
The scan completed.

OTL:

OTL logfile created on: 3/15/2013 1:42:49 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Joesphine\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.87 Gb Total Physical Memory | 0.17 Gb Available Physical Memory | 9.23% Memory free
3.73 Gb Paging File | 1.59 Gb Available in Paging File | 42.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.01 Gb Total Space | 326.35 Gb Free Space | 72.84% Space Free | Partition Type: NTFS
Drive D: | 17.45 Gb Total Space | 2.51 Gb Free Space | 14.38% Space Free | Partition Type: NTFS
Drive Z: | 2.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: FAT32

Computer Name: JOESPHINE-HP | User Name: Joesphine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/15 01:35:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joesphine\Downloads\OTL.exe
PRC - [2013/03/14 22:25:49 | 001,151,152 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2013/03/14 22:25:49 | 000,968,880 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/08/13 10:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/13 10:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2012/05/29 15:50:04 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
PRC - [2012/05/14 00:06:18 | 000,776,704 | ---- | M] (CVISION Technologies) -- C:\Program Files (x86)\CVision\License\CVistaMonitor.exe
PRC - [2012/05/14 00:02:18 | 000,162,816 | ---- | M] (CVISION Technologies Inc.) -- C:\Program Files (x86)\CVision\PdfCompressor 5.0\ftpsvc.exe
PRC - [2012/03/16 00:06:10 | 000,250,528 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.exe
PRC - [2012/02/26 16:01:44 | 000,295,728 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/04/17 10:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccsvchst.exe
PRC - [2011/02/19 00:15:54 | 003,373,456 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2010/11/10 08:16:22 | 000,154,816 | ---- | M] (Zecter Inc.) -- C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exe
PRC - [2010/11/09 15:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/09/29 17:55:32 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010/04/06 05:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2010/04/02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2009/10/01 14:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/10/01 14:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/07/03 11:40:40 | 002,328,576 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
PRC - [2009/07/03 11:40:30 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/15 01:25:45 | 000,295,424 | ---- | M] () -- C:\Users\Joesphine\AppData\Local\Temp\WindowsFolderWatcher.dll4144848446438599704.lib
MOD - [2013/03/15 01:25:34 | 000,389,632 | ---- | M] () -- C:\Users\Joesphine\AppData\Local\Temp\WindowsZFSJNI.dll2598048983809519569.lib
MOD - [2013/03/15 01:25:30 | 000,379,904 | ---- | M] () -- C:\Users\Joesphine\AppData\Local\Temp\libsqlitejdbc-2186157044128014680.lib
MOD - [2013/03/15 01:24:57 | 000,199,168 | ---- | M] () -- C:\Users\Joesphine\AppData\Local\Temp\WindowsAPI.dll3365220822034143136.lib
MOD - [2013/03/14 22:25:49 | 001,151,152 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2013/03/14 22:25:49 | 000,156,848 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll
MOD - [2013/02/19 14:28:50 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\bfceac53dda4bf7ba2f5020573f80163\System.ServiceProcess.ni.dll
MOD - [2013/02/19 14:26:28 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll
MOD - [2013/02/19 02:01:37 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\806c4ba7d696ab586ffd774a31f1a66b\System.Windows.Forms.ni.dll
MOD - [2013/01/20 01:22:51 | 000,044,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\2be03dd49bc35a9286858479e0433449\Accessibility.ni.dll
MOD - [2013/01/20 01:20:48 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\ee4683cbfd60ee35d95e2e6d32fc3981\System.Management.ni.dll
MOD - [2013/01/18 13:26:10 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll
MOD - [2013/01/18 13:26:02 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\00038bb019bb7e4470d3962b58b1926f\System.Transactions.ni.dll
MOD - [2013/01/18 13:26:00 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\d0dd051976a66e08325379754531421c\System.Data.ni.dll
MOD - [2013/01/18 13:25:12 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll
MOD - [2013/01/18 13:24:48 | 000,684,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\a412f0883db9c3276979d690a071dbfe\System.Security.ni.dll
MOD - [2013/01/18 13:24:44 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll
MOD - [2013/01/18 13:24:39 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll
MOD - [2013/01/18 13:24:11 | 007,974,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll
MOD - [2013/01/18 13:24:00 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll
MOD - [2013/01/18 03:21:52 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d884c684ee3f738a60e3c50dd5d88caa\System.Xml.ni.dll
MOD - [2013/01/18 03:21:51 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b83993cc955262507c8ead67567c8060\System.Drawing.ni.dll
MOD - [2013/01/18 03:21:48 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\cb72ac8478a5ea7e2d570bb710ecb1c1\System.Configuration.ni.dll
MOD - [2013/01/18 03:21:47 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\df418085cedae9fa2efee87e20a419a4\System.ni.dll
MOD - [2013/01/18 03:21:41 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\60c214b6ad5691e368a16ec65d127c27\mscorlib.ni.dll
MOD - [2012/08/10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012/05/14 01:08:28 | 000,313,856 | ---- | M] () -- C:\Program Files (x86)\CVision\License\dtlstats.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/11 22:39:44 | 000,034,816 | ---- | M] () -- C:\Program Files (x86)\Google\Google Desktop Search\gzlib.dll
MOD - [2010/08/17 07:21:30 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/08/17 07:21:30 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/08/17 07:21:30 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/07/14 11:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/06/11 07:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/06/11 07:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/08/06 12:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/07/22 07:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/06/25 09:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2009/11/18 12:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/14 11:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/03/14 22:25:49 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/05/14 01:07:04 | 000,582,656 | ---- | M] (CVISION Technologies) [Auto | Stopped] -- C:\Program Files (x86)\CVision\PdfCompressor 5.0\Service\CVCompressionService.exe -- (CVCompressionService)
SRV - [2012/05/14 00:02:18 | 000,162,816 | ---- | M] (CVISION Technologies Inc.) [Auto | Running] -- C:\Program Files (x86)\CVision\PdfCompressor 5.0\ftpsvc.exe -- (PdfCompressorFtpService)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/04/17 10:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe -- (NIS)
SRV - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/06/19 11:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/06/02 09:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/04/06 05:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/01 14:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/10/01 14:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/07/03 11:40:30 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/03/14 22:25:49 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/01 16:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/05/12 14:42:25 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/04/21 11:37:49 | 000,386,168 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1207000.00D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/04/02 14:57:17 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2011/03/31 13:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1207000.00D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/31 13:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207000.00D\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/03/15 12:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207000.00D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 16:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 16:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 16:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207000.00D\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/27 15:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207000.00D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2011/01/03 18:38:36 | 000,177,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/01/03 18:38:36 | 000,157,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/01/03 18:38:36 | 000,145,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011/01/03 18:38:36 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2010/12/30 19:41:56 | 000,202,560 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2010/12/30 19:41:56 | 000,082,112 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2010/12/21 15:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/12/21 15:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/12/21 15:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010/12/21 15:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/12/02 10:36:42 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2010/11/10 08:16:22 | 000,191,960 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cbfs64.sys -- (CbFs)
DRV:64bit: - [2010/11/04 20:57:54 | 001,041,760 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010/09/29 17:55:54 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/09/14 04:00:08 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/05/08 05:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/04/14 03:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/23 11:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/03/06 05:57:18 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/09/18 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 10:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/14 09:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/06/29 18:00:50 | 000,132,608 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009/06/29 18:00:50 | 000,116,096 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbfake.sys -- (hwusbfake)
DRV:64bit: - [2009/06/11 07:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/11 07:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/11 07:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/11 06:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/11 06:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/09 13:38:24 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011/05/10 16:32:43 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/04/16 06:29:04 | 001,127,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110430.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/04/02 20:54:16 | 001,828,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110515.002\EX64.SYS -- (NAVEX15)
DRV - [2011/04/02 20:54:16 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110515.002\ENG64.SYS -- (NAVENG)
DRV - [2011/03/15 04:58:28 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110513.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/14 11:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/14
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/14
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://au.search.yah...psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...}&mfe=Notebooks
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/14
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim....3-AAA66749ACB8}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylo...s=1&affID=17393
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://au.search.yah...psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...}&mfe=Notebooks
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...3-AAA66749ACB8}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2654745695-370069253-1796402766-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/14
IE - HKU\S-1-5-21-2654745695-370069253-1796402766-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-2654745695-370069253-1796402766-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2654745695-370069253-1796402766-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://suscopts.org/
IE - HKU\S-1-5-21-2654745695-370069253-1796402766-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-2654745695-370069253-1796402766-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2654745695-370069253-1796402766-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...E1-567202AF70BE
IE - HKU\S-1-5-21-2654745695-370069253-1796402766-1000\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylo...s=1&affID=17393
IE - HKU\S-1-5-21-2654745695-370069253-1796402766-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF
IE - HKU\S-1-5-21-2654745695-370069253-1796402766-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-2654745695-370069253-1796402766-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKU\S-1-5-21-2654745695-370069253-1796402766-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://au.search.yah...psg&type=HPNTDF
IE - HKU\S-1-5-21-2654745695-370069253-1796402766-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKU\S-1-5-21-2654745695-370069253-1796402766-1000\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...}&mfe=Notebooks
IE - HKU\S-1-5-21-2654745695-370069253-1796402766-1000\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-2654745695-370069253-1796402766-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...3-AAA66749ACB8}
IE - HKU\S-1-5-21-2654745695-370069253-1796402766-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2654745695-370069253-1796402766-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@photoproduct.rocketlife.com/RocketLife App Viewer;version=0.8: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Joesphine\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Joesphine\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Joesphine\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Joesphine\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Joesphine\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/10/05 19:43:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_4_3 [2012/02/11 20:42:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/12/20 18:57:53 | 000,000,000 | ---D | M]

[2011/05/17 19:39:23 | 000,002,428 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com
CHR - Extension: Docs = C:\Users\Joesphine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\Joesphine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Joesphine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Joesphine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Joesphine\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: SweetIM for Facebook = C:\Users\Joesphine\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: Gmail = C:\Users\Joesphine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Docs = C:\Users\Joesphine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\Joesphine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Joesphine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Joesphine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Joesphine\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: SweetIM for Facebook = C:\Users\Joesphine\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: Gmail = C:\Users\Joesphine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/11 07:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Quick Media Converter Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient_2.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Quick Media Converter Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-2654745695-370069253-1796402766-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2654745695-370069253-1796402766-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2654745695-370069253-1796402766-1000\..\Toolbar\WebBrowser: (Quick Media Converter Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-2654745695-370069253-1796402766-1000\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [ZumoDrive] C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2654745695-370069253-1796402766-1000..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-2654745695-370069253-1796402766-1000..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-2654745695-370069253-1796402766-1000..\Run: [ZumoDrive] C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Joesphine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2654745695-370069253-1796402766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-21-2654745695-370069253-1796402766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-21-2654745695-370069253-1796402766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-2654745695-370069253-1796402766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-21-2654745695-370069253-1796402766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2654745695-370069253-1796402766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2654745695-370069253-1796402766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2654745695-370069253-1796402766-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2654745695-370069253-1796402766-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} http://site.ebrary.c...s/ebraryRdr.cab (Infotl Control)
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} http://www.digitalwe...er/dbplugin.cab (DNL Reader)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{223AB2CB-965D-4AFB-8E6E-2D140420BEDE}: DhcpNameServer = 10.143.147.147 10.143.147.148
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50CD433D-2ECB-45FA-9120-60CEDD7045E7}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B49A14F-1FCE-406A-B595-08B481A79AD1}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C963BEEE-8909-4E1D-AAC4-53E0E9B681A9}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA9FD3FB-46B5-42A8-9F2B-8186680F94EA}: DhcpNameServer = 10.143.147.147 10.143.147.148
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB34E69B-F3E7-4CE5-89F1-56984388980B}: DhcpNameServer = 132.234.241.10 132.234.241.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~3\GO36F4~1.DLL) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/26 18:50:48 | 001,981,386 | ---- | M] () - Z:\Practical Repentance.pptx -- [ FAT32 ]
O32 - AutoRun File - [2010/03/07 21:28:28 | 000,261,322 | ---- | M] () - Z:\Practical Spirituality according to the Desert Fathers- Fatherr Athanasius Iskander.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/03/11 18:22:52 | 000,018,320 | ---- | M] () - Z:\Praises Explained.docx -- [ FAT32 ]
O32 - AutoRun File - [2010/12/30 23:57:20 | 001,069,568 | ---- | M] () - Z:\Presentation.pps -- [ FAT32 ]
O32 - AutoRun File - [2009/07/07 16:10:44 | 000,001,269 | ---- | M] () - Z:\Presentations Menu.lnk -- [ FAT32 ]
O32 - AutoRun File - [2010/07/10 13:50:54 | 001,330,702 | ---- | M] () - Z:\Priesthood.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/12/03 22:09:20 | 000,065,554 | ---- | M] () - Z:\Program-of-Feasts-Kiahk-Praises-2010-2011.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/09/23 14:27:48 | 000,389,395 | ---- | M] () - Z:\psalm-11.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/12/20 21:39:06 | 000,021,819 | ---- | M] () - Z:\Psalm151.pdf -- [ FAT32 ]
O32 - AutoRun File - [2011/03/24 20:26:41 | 000,754,529 | ---- | M] () - Z:\Psalmody Book.pdf -- [ FAT32 ]
O32 - AutoRun File - [2011/03/17 20:08:06 | 000,169,021 | ---- | M] () - Z:\psalmody in coptic.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/03/21 22:09:44 | 011,752,404 | ---- | M] () - Z:\Psalmody.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/12/26 21:28:18 | 000,169,121 | ---- | M] () - Z:\Psalmody_Hazzat_Booklet_2007-09-20.pdf -- [ FAT32 ]
O32 - AutoRun File - [2011/03/19 02:02:16 | 001,355,607 | ---- | M] () - Z:\psalmodyk_v3.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/07/07 22:23:26 | 000,332,082 | ---- | M] () - Z:\PURELIVG.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/07/22 13:39:08 | 001,398,476 | ---- | M] () - Z:\q14072010.zip -- [ FAT32 ]
O32 - AutoRun File - [2010/07/07 21:54:32 | 000,688,599 | ---- | M] () - Z:\questionsv1.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/07/07 21:54:48 | 000,636,629 | ---- | M] () - Z:\questionsv2.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/07/07 21:55:00 | 000,713,199 | ---- | M] () - Z:\questionsv3.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/07/07 21:55:18 | 001,018,606 | ---- | M] () - Z:\questionsv4.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/01/01 16:33:32 | 001,815,408 | ---- | M] () - Z:\Quiet Time Guide 2010 - purple.pdf -- [ FAT32 ]
O32 - AutoRun File - [2011/03/30 19:20:35 | 000,178,264 | ---- | M] () - Z:\Quiet%20Time%20Guide%202011.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/07/07 21:55:36 | 001,099,186 | ---- | M] () - Z:\Quizzes on the Holy Bible.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/07/17 16:22:44 | 001,423,106 | ---- | M] () - Z:\relspirt.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/03/07 21:21:08 | 000,083,221 | ---- | M] () - Z:\RESURRECTION.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/07/13 19:30:36 | 000,545,800 | ---- | M] () - Z:\resurrection_hymns_abbreviated.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/07/07 21:57:40 | 001,105,363 | ---- | M] () - Z:\Return to God.pdf -- [ FAT32 ]
O32 - AutoRun File - [2011/04/02 15:14:32 | 000,230,912 | ---- | M] () - Z:\russia3rd.doc -- [ FAT32 ]
O32 - AutoRun File - [2010/07/28 21:18:34 | 000,005,621 | ---- | M] () - Z:\saint george1.htm -- [ FAT32 ]
O32 - AutoRun File - [2010/07/28 18:37:16 | 000,005,324 | ---- | M] () - Z:\saint mina MOVIE LINK.htm -- [ FAT32 ]
O32 - AutoRun File - [2010/07/27 13:09:16 | 000,150,528 | ---- | M] () - Z:\Saint Philopateer Mercurius.doc -- [ FAT32 ]
O32 - AutoRun File - [2010/04/30 16:06:18 | 000,283,093 | ---- | M] () - Z:\saint-abba-paphnote.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/04/30 16:06:34 | 000,474,199 | ---- | M] () - Z:\samuel-the-medium-of-endor.pdf -- [ FAT32 ]
O32 - AutoRun File - [2011/03/29 23:20:44 | 000,289,792 | ---- | M] () - Z:\Sayings of the fathers.doc -- [ FAT32 ]
O32 - AutoRun File - [2010/07/10 13:41:22 | 000,855,203 | ---- | M] () - Z:\Sayings%20of%20the%20Desert%20Fathers.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/07/07 22:25:30 | 000,749,216 | ---- | M] () - Z:\SBLMONST.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/07/07 20:06:08 | 000,308,224 | ---- | M] () - Z:\screwtape letters- c.s lewis.doc -- [ FAT32 ]
O32 - AutoRun File - [2010/07/07 22:30:28 | 000,665,178 | ---- | M] () - Z:\SCRINTRO.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/07/07 22:30:10 | 000,136,208 | ---- | M] () - Z:\SCRP1BPT.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/07/07 22:30:02 | 000,089,776 | ---- | M] () - Z:\SCRP2XNF.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/07/07 22:29:58 | 000,167,716 | ---- | M] () - Z:\SCRP3CNF.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/07/07 22:29:48 | 000,124,339 | ---- | M] () - Z:\SCRP4EUC.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/07/07 22:29:40 | 000,176,615 | ---- | M] () - Z:\SCRP5UNC.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/07/07 22:29:32 | 000,174,847 | ---- | M] () - Z:\SCRP6MTR.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/07/07 22:29:28 | 000,427,133 | ---- | M] () - Z:\SCRP7PRS.pdf -- [ FAT32 ]
O32 - AutoRun File - [2011/03/30 19:16:32 | 000,030,144 | ---- | M] () - Z:\Self_Exam_Honesty.pdf -- [ FAT32 ]
O32 - AutoRun File - [2011/03/30 19:14:22 | 000,029,816 | ---- | M] () - Z:\Self_Exam_Humility.pdf -- [ FAT32 ]
O32 - AutoRun File - [2011/03/30 19:16:13 | 000,018,424 | ---- | M] () - Z:\Self_Exam_Repentance.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/12/04 16:01:26 | 008,232,347 | ---- | M] () - Z:\Sep.%202010.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/04/18 17:01:40 | 000,081,623 | ---- | M] () - Z:\SetLimits.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/11/18 23:21:38 | 006,992,533 | ---- | M] () - Z:\SGYM_October2010.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/10/11 23:24:26 | 000,024,576 | ---- | M] () - Z:\Silence your lips that your heart may speak.doc -- [ FAT32 ]
O32 - AutoRun File - [2010/03/04 14:28:48 | 000,422,883 | ---- | M] () - Z:\silent monk.docx -- [ FAT32 ]
O32 - AutoRun File - [2011/04/02 15:14:22 | 000,144,384 | ---- | M] () - Z:\siteseverus.doc -- [ FAT32 ]
O32 - AutoRun File - [2010/09/20 22:55:54 | 003,151,638 | ---- | M] () - Z:\SolveigMM_WMP_Trimmer_Plugin_1_5.zip -- [ FAT32 ]
O32 - AutoRun File - [2010/03/11 17:56:36 | 000,519,487 | ---- | M] () - Z:\spiritual pictures.docx -- [ FAT32 ]
O32 - AutoRun File - [2010/03/06 10:19:18 | 000,151,552 | ---- | M] () - Z:\Spiritual Texts.doc -- [ FAT32 ]
O32 - AutoRun File - [2010/07/08 15:33:08 | 006,365,128 | ---- | M] () - Z:\spring10.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/07/07 22:14:02 | 001,245,737 | ---- | M] () - Z:\SPRTICON.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/07/23 20:29:34 | 000,011,172 | ---- | M] () - Z:\SSR_TSRPT.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/04/30 16:01:14 | 000,709,340 | ---- | M] () - Z:\st-john-chrysostom-on-caring-for-the-suffering-members-of-christs-body.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/04/07 21:37:30 | 000,825,321 | ---- | M] () - Z:\st-john-chrysostom-on-marriage.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/04/07 21:37:26 | 000,722,241 | ---- | M] () - Z:\st-john-cyrsostom-on-choosing-a-spouse.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/05/28 14:15:08 | 000,081,408 | ---- | M] () - Z:\ST.doc -- [ FAT32 ]
O32 - AutoRun File - [2010/03/11 18:11:00 | 000,030,056 | ---- | M] () - Z:\St_Anasimon_English.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/03/11 18:21:14 | 002,941,277 | ---- | M] () - Z:\St_Sidhom_Bishay_Fr_Mikhail_Ibrahim_Praise.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/07/07 22:28:00 | 000,093,507 | ---- | M] () - Z:\STCYRLIT.pdf -- [ FAT32 ]
O32 - AutoRun File - [2009/10/25 19:03:42 | 000,388,096 | ---- | M] () - Z:\StGeorgeSundaySchoolProgram.xls -- [ FAT32 ]
O32 - AutoRun File - [2010/03/11 18:10:16 | 000,260,479 | ---- | M] () - Z:\StMina_English_book.pdf -- [ FAT32 ]
O32 - AutoRun File - [2011/03/24 21:21:00 | 000,073,934 | ---- | M] () - Z:\Stories for the Youth 1-15 - Father Tadros Yacoub Malaty.pdf -- [ FAT32 ]
O32 - AutoRun File - [2011/03/24 21:24:04 | 000,039,592 | ---- | M] () - Z:\Stories for the Youth 29-31 - Father Tadros Yacoub Malaty.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/07/10 13:50:50 | 001,645,683 | ---- | M] () - Z:\Story of Copts.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/07/10 13:42:28 | 000,053,608 | ---- | M] () - Z:\STPTPUAL.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/07/08 15:36:56 | 029,106,048 | ---- | M] () - Z:\sum09-c.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/07/08 15:00:54 | 002,647,054 | ---- | M] () - Z:\sum10.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/09/05 17:54:26 | 006,686,720 | ---- | M] () - Z:\Sunday Liturgy_English Arabic.ppt -- [ FAT32 ]
O32 - AutoRun File - [2010/08/07 15:59:14 | 000,695,808 | ---- | M] () - Z:\sunday school homework.doc -- [ FAT32 ]
O32 - AutoRun File - [2010/09/09 13:54:56 | 001,484,569 | ---- | M] () - Z:\SUS_DioceseNewsletter_Fall2010.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/07/08 22:59:36 | 010,454,939 | ---- | M] () - Z:\tamav erene book.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/07/07 21:57:50 | 000,592,195 | ---- | M] () - Z:\Tears in Spiritual Life.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/07/07 21:56:34 | 000,929,083 | ---- | M] () - Z:\Ten Concepts.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/07/07 21:52:06 | 000,988,497 | ---- | M] () - Z:\tencomv1.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/07/07 21:52:24 | 000,914,304 | ---- | M] () - Z:\tencomv2.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/07/07 21:52:40 | 000,988,787 | ---- | M] () - Z:\tencomv3.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/07/07 21:53:00 | 001,249,489 | ---- | M] () - Z:\tencomv4.pdf -- [ FAT32 ]
O32 - AutoRun File - [2011/09/29 16:16:58 | 000,000,000 | ---- | M] () - Z:\test.txt -- [ FAT32 ]
O32 - AutoRun File - [2010/03/11 17:07:34 | 000,184,320 | ---- | M] () - Z:\thank you JESUS.doc -- [ FAT32 ]
O32 - AutoRun File - [2010/07/07 21:59:24 | 002,442,600 | ---- | M] () - Z:\The Church House of God.pdf -- [ FAT32 ]
O32 - AutoRun File - [2011/04/02 15:15:47 | 000,032,256 | ---- | M] () - Z:\The Da Vinci Code.doc -- [ FAT32 ]
O32 - AutoRun File - [2010/07/07 21:58:50 | 000,756,978 | ---- | M] () - Z:\The Fiery Spirit.pdf -- [ FAT32 ]
O32 - AutoRun File - [2011/03/30 23:16:19 | 069,223,945 | ---- | M] () - Z:\The Fourth Hoos.wmv -- [ FAT32 ]
O32 - AutoRun File - [2010/07/07 21:53:06 | 000,049,160 | ---- | M] () - Z:\The Holy Virgin St. Mary.pdf -- [ FAT32 ]
O32 - AutoRun File - [2011/04/02 15:16:19 | 000,023,552 | ---- | M] () - Z:\The Immaculate conception.doc -- [ FAT32 ]
O32 - AutoRun File - [2010/07/07 21:54:08 | 001,680,356 | ---- | M] () - Z:\The Life of Repentance and Purity.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/07/07 21:54:22 | 000,719,186 | ---- | M] () - Z:\The Life of Thanksgiving.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/07/07 21:55:16 | 000,730,310 | ---- | M] () - Z:\The Nature of Christ.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/03/06 09:48:56 | 003,369,472 | ---- | M] () - Z:\THE PARADISE OF THE HOLY FATHERS VOLUME 1.doc -- [ FAT32 ]
O32 - AutoRun File - [2010/03/06 09:49:54 | 003,673,600 | ---- | M] () - Z:\THE PARADISE OF THE HOLY FATHERS VOLUME 2.doc -- [ FAT32 ]
O32 - AutoRun File - [2011/01/26 18:51:00 | 000,072,704 | ---- | M] () - Z:\The Pentecost.ppt -- [ FAT32 ]
O32 - AutoRun File - [2011/04/02 15:08:51 | 000,036,864 | ---- | M] () - Z:\The Practice of Authority and Jurisdiction in the.doc -- [ FAT32 ]
O32 - AutoRun File - [2010/07/07 21:55:42 | 001,330,702 | ---- | M] () - Z:\The Priesthood.pdf -- [ FAT32 ]
O32 - AutoRun File - [2011/01/26 18:54:18 | 029,559,484 | ---- | M] () - Z:\The Sacraments_Baptism.pptx -- [ FAT32 ]
O32 - AutoRun File - [2010/07/07 21:57:18 | 000,638,348 | ---- | M] () - Z:\The Seven Words of Our Lord on the Cross.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/05/08 19:19:36 | 000,113,152 | ---- | M] () - Z:\The Spirit of Serving.doc -- [ FAT32 ]
O32 - AutoRun File - [2010/07/07 21:56:42 | 000,873,873 | ---- | M] () - Z:\The Spiritual Man.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/07/07 21:57:04 | 001,132,424 | ---- | M] () - Z:\The Spiritual Means.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/07/07 21:56:58 | 000,552,559 | ---- | M] () - Z:\The Spiritual Ministry.pdf -- [ FAT32 ]
O32 - AutoRun File - [2011/04/02 15:07:58 | 000,026,112 | ---- | M] () - Z:\The Temptation on the Mount.doc -- [ FAT32 ]
O32 - AutoRun File - [2010/06/17 02:13:14 | 000,035,840 | ---- | M] () - Z:\The way of the Devil.doc -- [ FAT32 ]
O32 - AutoRun File - [2011/04/02 15:09:14 | 000,028,672 | ---- | M] () - Z:\The Widow's Two Mites.doc -- [ FAT32 ]
O32 - AutoRun File - [2010/08/21 12:04:42 | 000,017,643 | ---- | M] () - Z:\THE%20ANAGHNOSTOS.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/08/21 12:04:52 | 000,013,734 | ---- | M] () - Z:\The%20Epodeacon.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/07/28 18:47:20 | 000,093,660 | ---- | M] () - Z:\The%20Sacrament%20of%20Repentance%20and%20Confession.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/03/11 18:20:02 | 001,730,311 | ---- | M] () - Z:\The%20Spirituality%20of%20the%20Rites%20of%20the%20Holy%20Liturgy%20in%20the%20Cop.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/05/03 19:38:16 | 000,787,736 | ---- | M] () - Z:\the-christian-family.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/05/03 19:38:04 | 000,479,885 | ---- | M] () - Z:\the-church-fathers-on-purity-and-lust.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/04/30 16:01:18 | 000,780,150 | ---- | M] () - Z:\the-enemies-of-faith.pdf -- [ FAT32 ]
O32 - AutoRun File - [2011/03/30 17:51:03 | 000,046,658 | ---- | M] () - Z:\The-Great-I-AM-Program-%202008.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/04/30 15:57:34 | 000,662,589 | ---- | M] () - Z:\the-greatest-lie-part-2.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/04/30 15:31:36 | 000,594,657 | ---- | M] () - Z:\the-greatest-lie-part-3.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/04/30 15:26:58 | 000,833,380 | ---- | M] () - Z:\the-greatest-lie-part-4.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/04/30 16:02:38 | 000,792,810 | ---- | M] () - Z:\the-living-water.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/04/30 16:02:44 | 000,468,610 | ---- | M] () - Z:\the-man-under-the-fig-tree-nathanael.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/04/30 15:20:28 | 000,486,681 | ---- | M] () - Z:\the-scars-speak.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/04/30 16:06:24 | 000,419,888 | ---- | M] () - Z:\the-theben-desert.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/04/30 15:57:18 | 000,601,798 | ---- | M] () - Z:\the-way-of-the-hermit.pdf -- [ FAT32 ]
O32 - AutoRun File - [2011/04/02 15:26:10 | 000,045,692 | ---- | M] () - Z:\the_dogmas_By_Fr_Tadros_Y_Malaty.pdf -- [ FAT32 ]
O32 - AutoRun File - [2011/03/20 19:48:13 | 000,127,447 | ---- | M] () - Z:\The_Gospel_of_the_2nd_Mile_-_Amshir_1722.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/03/30 15:03:56 | 000,172,865 | ---- | M] () - Z:\The_program_of_Service_for_Passion_Week.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/03/11 18:20:44 | 001,091,569 | ---- | M] () - Z:\The_Sprituality_of_The_Praise-H.G Bishop Mettaous.pdf -- [ FAT32 ]
O32 - AutoRun File - [2011/03/21 22:18:22 | 018,332,215 | ---- | M] () - Z:\The_Story_of_the_Church_of_Egypt-2Vols-English.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/11/18 23:18:18 | 002,706,534 | ---- | M] () - Z:\The_Vine.pdf -- [ FAT32 ]
O32 - AutoRun File - [2011/03/21 21:04:18 | 000,612,556 | ---- | M] () - Z:\TheCopticContributiontoChristianCivilisation.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/03/04 12:57:44 | 000,311,715 | ---- | M] () - Z:\THECROSS.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/03/23 19:26:50 | 000,725,605 | ---- | M] () - Z:\thine_is_power.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/03/11 17:50:00 | 000,120,320 | ---- | M] () - Z:\This_is_beautiful_.pps -- [ FAT32 ]
O32 - AutoRun File - [2011/03/20 19:42:58 | 000,418,300 | ---- | M] () - Z:\Tradtion and Orthodoxy.pdf -- [ FAT32 ]
O32 - AutoRun File - [2011/03/20 19:49:18 | 000,136,494 | ---- | M] () - Z:\Trinity_and_Unity_-_Babah_1722.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/03/04 14:25:04 | 000,011,107 | ---- | M] () - Z:\verses of COMFORT.docx -- [ FAT32 ]
O32 - AutoRun File - [2010/03/04 14:24:20 | 000,169,921 | ---- | M] () - Z:\Verses.docx -- [ FAT32 ]
O32 - AutoRun File - [2011/01/26 18:07:28 | 003,295,744 | ---- | M] () - Z:\Walking on the Water.ppt -- [ FAT32 ]
O32 - AutoRun File - [2010/08/24 19:39:48 | 000,166,912 | ---- | M] () - Z:\We may have prayed this Psalm many times without realizing that it has the power of resurrection hidden within it.doc -- [ FAT32 ]
O32 - AutoRun File - [2011/03/29 22:49:05 | 000,069,632 | ---- | M] () - Z:\websites.doc -- [ FAT32 ]
O32 - AutoRun File - [2010/07/07 22:28:10 | 000,177,422 | ---- | M] () - Z:\Wedding.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/03/20 20:51:38 | 002,482,176 | ---- | M] () - Z:\WhereGodWantsMe.pps -- [ FAT32 ]
O32 - AutoRun File - [2010/07/28 13:51:56 | 000,225,145 | ---- | M] () - Z:\who%20Am%20I.pdf -- [ FAT32 ]
O32 - AutoRun File - [2011/04/02 15:21:22 | 000,078,336 | ---- | M] () - Z:\Why The Cross.doc -- [ FAT32 ]
O32 - AutoRun File - [2010/07/08 15:32:48 | 004,647,604 | ---- | M] () - Z:\win10.pdf -- [ FAT32 ]
O32 - AutoRun File - [2011/01/25 16:11:00 | 004,379,599 | ---- | M] () - Z:\win11.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/12/20 21:39:26 | 000,107,814 | ---- | M] () - Z:\Wisdom.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/08/25 20:35:52 | 000,391,390 | ---- | M] () - Z:\word_liturgy_track_list.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/07/07 21:56:08 | 000,938,649 | ---- | M] () - Z:\Words Of Spiritual Benefit 101-150.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/07/07 21:55:56 | 001,122,127 | ---- | M] () - Z:\Words Of Spiritual Benefit 151-200.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/07/07 21:56:28 | 001,040,359 | ---- | M] () - Z:\Words Of Spiritual Benefit 51-100.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/07/07 21:56:18 | 000,565,659 | ---- | M] () - Z:\Words of Spritual Benefit 1-50.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/03/07 21:21:38 | 000,764,383 | ---- | M] () - Z:\You are My delightful garden-Fr Tadros Y. Malaty.pdf -- [ FAT32 ]
O32 - AutoRun File - [2009/10/09 00:40:36 | 000,002,316 | ---- | M] () - Z:\youth to memorize-Fr Augustinos Hanna.txt -- [ FAT32 ]
O32 - AutoRun File - [2011/03/30 17:50:02 | 000,053,435 | ---- | M] () - Z:\Youth-Meeting-Topics-2009.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/08/20 18:34:42 | 001,455,079 | ---- | M] () - Z:\Youth_Meeting_Hymns.pptx -- [ FAT32 ]
O32 - AutoRun File - [2010/07/07 22:24:04 | 000,417,215 | ---- | M] () - Z:\YTHCONSR.pdf -- [ FAT32 ]
O32 - AutoRun File - [2010/04/08 14:17:34 | 000,001,490 | ---- | M] () - Z:\ÇáÓäßÓÇÑ.lnk -- [ FAT32 ]
O32 - AutoRun File - [2010/07/10 14:11:28 | 000,786,944 | ---- | M] () - Z:\بدعة الخلاص.doc -- [ FAT32 ]
O33 - MountPoints2\{48d010ca-4fbc-11e0-bfaa-78acc04ca4ec}\Shell - "" = AutoRun
O33 - MountPoints2\{48d010ca-4fbc-11e0-bfaa-78acc04ca4ec}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{48d010e0-4fbc-11e0-bfaa-78acc04ca4ec}\Shell - "" = AutoRun
O33 - MountPoints2\{48d010e0-4fbc-11e0-bfaa-78acc04ca4ec}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a8d05dee-506d-11e0-8a7f-78acc04ca4ec}\Shell - "" = AutoRun
O33 - MountPoints2\{a8d05dee-506d-11e0-8a7f-78acc04ca4ec}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a8d05f95-506d-11e0-8a7f-001e101fb45e}\Shell - "" = AutoRun
O33 - MountPoints2\{a8d05f95-506d-11e0-8a7f-001e101fb45e}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/15 01:35:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Joesphine\Desktop\OTL.exe
[2013/03/15 00:42:58 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/03/15 00:42:57 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/03/15 00:42:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/03/15 00:42:54 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/03/15 00:42:54 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/03/15 00:42:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/03/15 00:42:52 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/03/15 00:42:51 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/03/15 00:42:49 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/03/15 00:42:49 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/03/15 00:42:49 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/03/15 00:42:48 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/03/15 00:42:45 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/03/15 00:42:45 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/03/15 00:42:44 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/03/15 00:41:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/03/15 00:39:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/03/15 00:39:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/03/15 00:19:10 | 000,000,000 | ---D | C] -- C:\Users\Joesphine\AppData\Local\AVG Secure Search
[2013/03/14 22:38:22 | 000,000,000 | ---D | C] -- C:\Users\Joesphine\AppData\Roaming\Malwarebytes
[2013/03/14 22:38:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/03/14 22:38:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/14 22:38:07 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/03/14 22:38:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/03/14 22:37:26 | 000,000,000 | ---D | C] -- C:\Users\Joesphine\AppData\Local\Programs
[2013/03/14 22:36:05 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Joesphine\Desktop\HijackThis.exe
[2013/03/14 22:25:52 | 000,039,768 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/03/14 22:25:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2013/03/14 22:25:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2013/03/14 22:14:06 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Joesphine\Desktop\mbam-setup-1.70.0.1100.exe
[2013/03/12 19:41:00 | 000,000,000 | ---D | C] -- C:\Users\Joesphine\AppData\Roaming\Mozilla
[2013/03/11 21:20:14 | 000,000,000 | ---D | C] -- C:\Users\Joesphine\Desktop\Adobe InCopy CS6
[2013/03/11 21:17:05 | 000,000,000 | ---D | C] -- C:\Users\Joesphine\Desktop\Adobe InDesign CS6
[2013/03/11 20:59:13 | 000,000,000 | ---D | C] -- C:\Users\Joesphine\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013/03/11 20:58:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant
[2013/03/11 20:58:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013/03/11 20:49:42 | 000,000,000 | ---D | C] -- C:\Users\Joesphine\AppData\Local\{E2DD5D15-A89C-438C-9D33-16E3A6C71DA4}
[2013/03/11 19:00:50 | 000,000,000 | ---D | C] -- C:\ProgramData\2E181BC3DFC454A500002E17EDB45D10
[2013/03/09 14:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2013/03/09 14:15:27 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
[2013/02/23 21:20:18 | 000,000,000 | ---D | C] -- C:\Users\Joesphine\Desktop\Semester 1, 2013
[2013/02/18 19:30:31 | 005,500,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/02/18 19:30:28 | 003,957,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/02/18 19:30:27 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/02/18 19:30:17 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/02/18 19:30:17 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/02/18 19:30:16 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/02/18 19:30:15 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/02/18 19:30:15 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/02/18 19:30:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/02/18 19:30:10 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/02/18 19:30:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/02/18 19:30:09 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/02/18 19:30:09 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/02/18 19:30:08 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/02/18 19:30:07 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/02/18 19:30:07 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/02/18 19:30:05 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/02/18 19:30:01 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/02/18 19:30:01 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/02/18 19:30:01 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/02/18 19:30:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/02/18 19:30:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/02/18 19:30:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/02/18 19:30:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/02/18 19:30:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/02/18 19:29:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/02/18 19:29:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/02/18 19:29:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/02/18 19:29:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/02/18 19:29:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/02/18 19:29:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/02/18 19:29:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/02/18 19:29:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/02/18 19:29:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/02/18 19:29:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/02/18 19:29:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/02/18 19:29:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/02/18 19:29:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/02/18 19:29:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/02/18 19:29:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/02/18 19:29:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/02/18 19:29:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/02/18 19:29:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/02/18 19:29:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/02/18 19:29:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/02/18 19:29:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/02/18 19:29:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/02/18 19:29:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/02/18 19:29:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/02/18 19:29:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/02/18 19:29:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/02/18 19:29:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/02/18 19:29:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/02/18 19:29:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/02/18 19:29:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/02/18 19:29:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/02/18 19:29:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/02/18 19:29:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/02/18 19:29:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/02/18 19:29:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/02/18 19:29:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/02/18 19:29:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/02/18 19:29:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/02/18 19:29:51 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/02/18 19:29:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/02/18 19:29:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/02/18 19:29:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/02/18 19:29:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/02/18 19:29:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/02/18 19:29:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/02/18 19:29:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/02/18 19:29:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/02/18 19:29:00 | 000,287,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013/02/18 18:04:37 | 000,000,000 | ---D | C] -- C:\Users\Joesphine\AppData\Local\{F54A3E36-15FD-478E-ABF9-F7034D6A464A}
[2013/02/18 17:58:22 | 000,000,000 | ---D | C] -- C:\Users\Joesphine\AppData\Local\{A5951C35-CEAA-4238-836A-348E82E39EF2}
[2013/02/18 17:48:04 | 000,000,000 | ---D | C] -- C:\Users\Joesphine\AppData\Local\{E61CF279-E052-4A4C-865C-4B65CB2FECDF}
[2013/02/13 18:57:30 | 000,000,000 | ---D | C] -- C:\Users\Joesphine\AppData\Local\{C5E29B9B-8881-47B1-B6BC-21CBD5B0246F}
[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[5 C:\Users\Joesphine\Desktop\*.tmp files -> C:\Users\Joesphine\Desktop\*.tmp -> ]
[1 C:\Users\Joesphine\Documents\*.tmp files -> C:\Users\Joesphine\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/15 01:45:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2654745695-370069253-1796402766-1000UA.job
[2013/03/15 01:43:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/15 01:35:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joesphine\Desktop\OTL.exe
[2013/03/15 01:33:40 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/15 01:33:40 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/15 01:19:02 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/15 01:17:24 | 000,002,489 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2013/03/15 01:17:16 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013/03/15 01:16:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/15 01:16:08 | 1501,974,528 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/14 22:38:08 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/14 22:36:20 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Joesphine\Desktop\HijackThis.exe
[2013/03/14 22:25:49 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/03/14 22:15:16 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Joesphine\Desktop\mbam-setup-1.70.0.1100.exe
[2013/03/13 21:19:12 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2654745695-370069253-1796402766-1000Core.job
[2013/03/12 20:37:45 | 002,574,725 | ---- | M] () -- C:\Users\Joesphine\Desktop\Pimonakhos-Vol-7-Issue-3-A4.pdf
[2013/03/12 01:00:22 | 000,026,612 | ---- | M] () -- C:\Users\Joesphine\Desktop\SS 1st sunday of lent.odt
[2013/03/11 23:01:33 | 021,052,972 | ---- | M] () -- C:\Users\Joesphine\Desktop\DrYousryArmanious-ChallengesFacingYouthToday.mp3
[2013/03/11 22:58:51 | 009,065,276 | ---- | M] () -- C:\Users\Joesphine\Desktop\FrJacobNabian-HowToFaceYourFears1Fear of the Future.mp3
[2013/03/11 22:35:06 | 015,413,501 | ---- | M] () -- C:\Users\Joesphine\Desktop\FrBishoyAndrawes-WhomShallISend.mp3
[2013/03/11 22:34:25 | 005,788,580 | ---- | M] () -- C:\Users\Joesphine\Desktop\Issue-58-English.pdf
[2013/03/11 22:31:18 | 016,660,648 | ---- | M] () -- C:\Users\Joesphine\Desktop\GeorgeBishara-FacetoFaceGradRetreat4.mp3
[2013/03/11 21:50:30 | 000,017,650 | ---- | M] () -- C:\Users\Joesphine\Desktop\Sunday School Lessons and Memory Verses.odt
[2013/03/11 21:33:03 | 000,003,753 | ---- | M] () -- C:\Users\Joesphine\Desktop\My Movie.wlmp
[2013/03/11 20:58:47 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2013/03/11 19:21:19 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/03/11 18:51:55 | 000,019,548 | ---- | M] () -- C:\Users\Joesphine\Desktop\self_cateredv2.pdf
[2013/03/11 18:25:44 | 000,095,108 | ---- | M] () -- C:\Users\Joesphine\Desktop\sampleonedayprogram.pdf
[2013/03/11 18:13:31 | 000,094,814 | ---- | M] () -- C:\Users\Joesphine\Desktop\3daycampmenuhelidon.pdf
[2013/03/11 18:11:57 | 000,024,168 | ---- | M] () -- C:\Users\Joesphine\Desktop\helidonschdeule13.pdf
[2013/03/10 17:38:02 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJoesphine.job
[2013/03/10 01:34:07 | 000,028,076 | ---- | M] () -- C:\Users\Joesphine\Desktop\7. SS lent Lord's Prayer (2).odt
[2013/03/10 01:20:12 | 000,033,745 | ---- | M] () -- C:\Users\Joesphine\Desktop\7. SS Lent Lord's Prayer.odt
[2013/03/09 21:37:24 | 004,372,582 | ---- | M] () -- C:\Users\Joesphine\Desktop\Grade_3_TeacherManual_100912.pdf
[2013/03/09 21:32:03 | 000,445,199 | ---- | M] () -- C:\Users\Joesphine\Desktop\Lent%20Workbook.pdf
[2013/03/09 21:11:53 | 000,736,426 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/09 21:11:53 | 000,633,788 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/09 21:11:53 | 000,115,490 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/09 14:19:30 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2013/03/09 00:05:01 | 000,024,052 | ---- | M] () -- C:\Users\Joesphine\Desktop\Untitled 1n.odt
[2013/03/03 23:25:23 | 000,000,162 | -H-- | M] () -- C:\Users\Joesphine\Desktop\~$mp Committee Meeting.odt
[2013/02/23 22:08:55 | 000,092,160 | -H-- | M] () -- C:\Users\Joesphine\Desktop\photothumb.db
[2013/02/19 14:04:03 | 000,385,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/19 01:55:35 | 000,002,117 | ---- | M] () -- C:\Users\Joesphine\Desktop\Microsoft Security Essentials.lnk
[2013/02/17 00:22:09 | 000,018,829 | ---- | M] () -- C:\Users\Joesphine\Desktop\4. David and saul.odt
[2013/02/16 18:44:48 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJOESPHINE-HP$.job
[2013/02/15 21:23:31 | 000,017,474 | ---- | M] () -- C:\Users\Joesphine\Desktop\Untitled 1.odt
[2013/02/13 18:23:05 | 000,074,151 | ---- | M] () -- C:\Users\Joesphine\Desktop\STUD0004_Credit-Transfer-Application_v4.pdf
[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[5 C:\Users\Joesphine\Desktop\*.tmp files -> C:\Users\Joesphine\Desktop\*.tmp -> ]
[1 C:\Users\Joesphine\Documents\*.tmp files -> C:\Users\Joesphine\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/14 22:38:08 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/12 20:37:45 | 002,574,725 | ---- | C] () -- C:\Users\Joesphine\Desktop\Pimonakhos-Vol-7-Issue-3-A4.pdf
[2013/03/12 19:40:04 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2654745695-370069253-1796402766-1000UA.job
[2013/03/12 19:40:02 | 000,000,872 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2654745695-370069253-1796402766-1000Core.job
[2013/03/12 00:14:24 | 000,026,612 | ---- | C] () -- C:\Users\Joesphine\Desktop\SS 1st sunday of lent.odt
[2013/03/11 22:51:30 | 009,065,276 | ---- | C] () -- C:\Users\Joesphine\Desktop\FrJacobNabian-HowToFaceYourFears1Fear of the Future.mp3
[2013/03/11 22:50:23 | 021,052,972 | ---- | C] () -- C:\Users\Joesphine\Desktop\DrYousryArmanious-ChallengesFacingYouthToday.mp3
[2013/03/11 22:34:25 | 005,788,580 | ---- | C] () -- C:\Users\Joesphine\Desktop\Issue-58-English.pdf
[2013/03/11 22:25:12 | 016,660,648 | ---- | C] () -- C:\Users\Joesphine\Desktop\GeorgeBishara-FacetoFaceGradRetreat4.mp3
[2013/03/11 22:21:34 | 015,413,501 | ---- | C] () -- C:\Users\Joesphine\Desktop\FrBishoyAndrawes-WhomShallISend.mp3
[2013/03/11 21:33:03 | 000,003,753 | ---- | C] () -- C:\Users\Joesphine\Desktop\My Movie.wlmp
[2013/03/11 20:58:47 | 000,001,043 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2013/03/11 20:58:46 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2013/03/11 18:51:48 | 000,019,548 | ---- | C] () -- C:\Users\Joesphine\Desktop\self_cateredv2.pdf
[2013/03/11 18:25:44 | 000,095,108 | ---- | C] () -- C:\Users\Joesphine\Desktop\sampleonedayprogram.pdf
[2013/03/11 18:13:28 | 000,094,814 | ---- | C] () -- C:\Users\Joesphine\Desktop\3daycampmenuhelidon.pdf
[2013/03/11 18:11:52 | 000,024,168 | ---- | C] () -- C:\Users\Joesphine\Desktop\helidonschdeule13.pdf
[2013/03/10 01:20:10 | 000,033,745 | ---- | C] () -- C:\Users\Joesphine\Desktop\7. SS Lent Lord's Prayer.odt
[2013/03/09 21:36:52 | 004,372,582 | ---- | C] () -- C:\Users\Joesphine\Desktop\Grade_3_TeacherManual_100912.pdf
[2013/03/09 21:32:03 | 000,445,199 | ---- | C] () -- C:\Users\Joesphine\Desktop\Lent%20Workbook.pdf
[2013/03/09 14:27:14 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForJoesphine.job
[2013/03/09 14:19:30 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2013/03/09 00:04:52 | 000,024,052 | ---- | C] () -- C:\Users\Joesphine\Desktop\Untitled 1n.odt
[2013/03/08 13:08:18 | 000,002,489 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2013/03/05 23:37:49 | 000,028,076 | ---- | C] () -- C:\Users\Joesphine\Desktop\7. SS lent Lord's Prayer (2).odt
[2013/03/03 23:25:23 | 000,000,162 | -H-- | C] () -- C:\Users\Joesphine\Desktop\~$mp Committee Meeting.odt
[2013/02/21 23:14:12 | 000,017,650 | ---- | C] () -- C:\Users\Joesphine\Desktop\Sunday School Lessons and Memory Verses.odt
[2013/02/15 20:48:33 | 000,017,474 | ---- | C] () -- C:\Users\Joesphine\Desktop\Untitled 1.odt
[2013/02/13 18:23:05 | 000,074,151 | ---- | C] () -- C:\Users\Joesphine\Desktop\STUD0004_Credit-Transfer-Application_v4.pdf
[2013/01/11 23:01:36 | 000,000,632 | RHS- | C] () -- C:\Users\Joesphine\ntuser.pol
[2012/10/09 00:31:06 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/09/06 22:29:25 | 000,098,344 | ---- | C] () -- C:\Windows\unTMV.exe
[2012/03/15 23:26:23 | 000,894,616 | ---- | C] () -- C:\Windows\dbplugin.exe
[2011/12/15 13:24:19 | 000,012,393 | ---- | C] () -- C:\Users\Joesphine\AppData\Local\Update.12.Bron.Tok.bin
[2011/11/04 14:42:09 | 000,000,000 | ---- | C] () -- C:\Users\Joesphine\AppData\Local\{0D104F47-165E-41DC-B27B-67426145A0D7}
[2011/07/29 17:22:30 | 000,000,000 | ---- | C] () -- C:\Users\Joesphine\AppData\Local\{56DCC3A6-9986-4E09-8EB1-AEBA78991B37}
[2011/07/28 21:35:15 | 000,013,824 | ---- | C] () -- C:\Users\Joesphine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/13 00:27:33 | 000,410,679 | ---- | C] () -- C:\Users\Joesphine\AppData\Local\NetMailTmp.bin
[2011/03/29 18:00:00 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/03/25 13:16:33 | 000,001,854 | ---- | C] () -- C:\Users\Joesphine\AppData\Roaming\GhostObjGAFix.xml
[2011/03/25 12:45:30 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011/03/25 05:35:18 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/03/25 05:28:12 | 000,631,808 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/03/16 20:31:24 | 000,736,616 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/06/16 13:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4

========== ZeroAccess Check ==========

[2013/03/11 19:00:47 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$e7a948736f3cf202f60f7e9951674924\L
[2013/03/11 19:00:47 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$e7a948736f3cf202f60f7e9951674924\U
[2009/07/14 14:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 15:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 14:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 11:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 11:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

#5
Joey23

    Member

  • Topic Starter
  • Member
  • 16 posts
Extras:

OTL Extras logfile created on: 3/15/2013 1:42:49 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Joesphine\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.87 Gb Total Physical Memory | 0.17 Gb Available Physical Memory | 9.23% Memory free
3.73 Gb Paging File | 1.59 Gb Available in Paging File | 42.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.01 Gb Total Space | 326.35 Gb Free Space | 72.84% Space Free | Partition Type: NTFS
Drive D: | 17.45 Gb Total Space | 2.51 Gb Free Space | 14.38% Space Free | Partition Type: NTFS
Drive Z: | 2.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: FAT32

Computer Name: JOESPHINE-HP | User Name: Joesphine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{055CE496-04F9-4A1A-9B28-E29B7CB3D719}C:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
"TCP Query User{A1C04727-214B-4175-A833-B96780E5C303}C:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
"UDP Query User{484A88A4-8482-4172-81EE-FB5BF812DE63}C:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
"UDP Query User{49771352-B8A3-4A56-9C02-B6856EA72A1F}C:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{091A0130-A82F-4A6D-9C61-3BBBB3289030}" = RtVOsd
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series" = Canon MP280 series MP Drivers
"{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}" = HP Wireless Assistant
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java™ 6 Update 21 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"doPDF 7 printer_is1" = doPDF 7.2 printer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2385DA7C-F545-4E66-A968-D464F0519425}" = HP Documentation
"{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 24
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}" = Adobe Shockwave Player 11.5
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D31A225-453B-4798-8452-9F2181CA6971}" = SoftStylus
"{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}" = Adobe Download Assistant
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB8880-E52A-4467-B959-7CB3AA5C974A}" = PdfCompressor 5.0 Professional
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{705B639E-FAAF-40D7-AD58-C445321C7C3F}" = LightScribe System Software
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774C0434-9948-4DEE-A14E-69CDD316E36C}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{86B3F2D6-AC2B-0014-8AE1-F2F77F781B0C}" = EndNote X4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140011-0061-0409-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - English
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97174E88-52F9-445A-A28E-704A45332D19}" = HP Software Framework
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3.3 MUI
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF306BD8-F9D1-4627-89B9-246E59074A05}" = HP Power Manager
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C078C299-C2C2-4110-A6EF-8D5E66C228DA}" = e-tax 2011
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel® Turbo Boost Technology Driver
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EAC98582-5ED4-3BCA-BCD5-9E1A328BD7BE}" = Google Talk Plugin
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Aiseesoft PDF to Image Converter_is1" = Aiseesoft PDF to Image Converter
"Audacity_is1" = Audacity 2.0
"AVG Secure Search" = AVG Security Toolbar
"AVS Audio Converter 6.3_is1" = AVS Audio Converter version 6.3
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Coptic Standard Font Project_is1" = Coptic Fonts 1.03
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{68AB8880-E52A-4467-B959-7CB3AA5C974A}" = PdfCompressor 5.0 Professional
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"My HP Game Console" = HP Game Console
"NIS" = Norton Internet Security
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PhotoScape" = PhotoScape
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"TextMaker Viewer" = TextMaker Viewer
"VideoSpirit Pro" = VideoSpirit Pro 1.74
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087343" = Dora's World Adventure
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087533" = Zuma Deluxe
"WT089299" = Mystery P.I. - The London Caper
"WT089300" = World Cup Cricket 20-20
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"ZumoDrive" = HP CloudDrive

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2654745695-370069253-1796402766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"QUICKMEDIACONVERTER" = Quick Media Converter

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/13/2013 9:33:23 AM | Computer Name = Joesphine-HP | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 3/13/2013 9:39:38 AM | Computer Name = Joesphine-HP | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16464 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1728 Start
Time: 01ce1fefd1b00325 Termination Time: 250 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

Error - 3/13/2013 11:46:52 PM | Computer Name = Joesphine-HP | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 3/14/2013 7:55:51 AM | Computer Name = Joesphine-HP | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 3/14/2013 8:04:28 AM | Computer Name = Joesphine-HP | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 3/14/2013 10:16:54 AM | Computer Name = Joesphine-HP | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 3/14/2013 11:17:30 AM | Computer Name = Joesphine-HP | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 3/14/2013 11:28:22 AM | Computer Name = Joesphine-HP | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0061-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.


Error - 3/14/2013 11:31:56 AM | Computer Name = Joesphine-HP | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16470 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 10b4 Start
Time: 01ce20c85f0a18a9 Termination Time: 10 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

Error - 3/14/2013 11:33:14 AM | Computer Name = Joesphine-HP | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16470 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 13f4 Start
Time: 01ce20c90f869915 Termination Time: 10 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

[ Hewlett-Packard Events ]
Error - 2/8/2013 5:50:18 AM | Computer Name = Joesphine-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 2/22/2013 6:45:43 AM | Computer Name = Joesphine-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 2/22/2013 6:45:45 AM | Computer Name = Joesphine-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 2/22/2013 6:45:45 AM | Computer Name = Joesphine-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 3/8/2013 2:46:16 AM | Computer Name = Joesphine-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 3/8/2013 2:52:43 AM | Computer Name = Joesphine-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 3/8/2013 2:53:04 AM | Computer Name = Joesphine-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 3/8/2013 2:53:04 AM | Computer Name = Joesphine-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 3/8/2013 2:53:04 AM | Computer Name = Joesphine-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 3/9/2013 1:23:36 AM | Computer Name = Joesphine-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 1909
Ram
Utilization: 90 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()


[ HP Wireless Assistant Events ]
Error - 2/18/2013 2:32:58 AM | Computer Name = Joesphine-HP | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.
at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)

Error - 2/19/2013 12:09:07 AM | Computer Name = Joesphine-HP | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.
at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)

Error - 2/19/2013 12:13:04 AM | Computer Name = Joesphine-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 2/21/2013 6:24:54 AM | Computer Name = Joesphine-HP | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.
at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)

Error - 2/21/2013 8:17:41 AM | Computer Name = Joesphine-HP | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.
at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)

Error - 2/23/2013 1:51:50 AM | Computer Name = Joesphine-HP | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.
at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)

Error - 3/2/2013 5:40:30 AM | Computer Name = Joesphine-HP | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.
at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)

Error - 3/3/2013 4:10:45 AM | Computer Name = Joesphine-HP | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.
at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)

Error - 3/8/2013 10:16:36 AM | Computer Name = Joesphine-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object
sender, StartupEventArgs args)

Error - 3/8/2013 10:16:50 AM | Computer Name = Joesphine-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...

[ Media Center Events ]
Error - 3/5/2013 9:19:02 AM | Computer Name = Joesphine-HP | Source = MCUpdate | ID = 0
Description = 11:19:02 PM - Error connecting to the internet. 11:19:02 PM - Unable
to contact server..

Error - 3/5/2013 9:19:14 AM | Computer Name = Joesphine-HP | Source = MCUpdate | ID = 0
Description = 11:19:07 PM - Error connecting to the internet. 11:19:07 PM - Unable
to contact server..

Error - 3/8/2013 10:19:00 AM | Computer Name = Joesphine-HP | Source = MCUpdate | ID = 0
Description = 12:19:00 AM - Error connecting to the internet. 12:19:00 AM - Unable
to contact server..

Error - 3/8/2013 10:19:23 AM | Computer Name = Joesphine-HP | Source = MCUpdate | ID = 0
Description = 12:19:23 AM - Error connecting to the internet. 12:19:23 AM - Unable
to contact server..

Error - 3/8/2013 10:19:26 AM | Computer Name = Joesphine-HP | Source = MCUpdate | ID = 0
Description = 12:19:06 AM - Error connecting to the internet. 12:19:06 AM - Unable
to contact server..

Error - 3/8/2013 10:19:29 AM | Computer Name = Joesphine-HP | Source = MCUpdate | ID = 0
Description = 12:19:28 AM - Error connecting to the internet. 12:19:28 AM - Unable
to contact server..

Error - 3/9/2013 11:20:05 AM | Computer Name = Joesphine-HP | Source = MCUpdate | ID = 0
Description = 1:20:05 AM - Error connecting to the internet. 1:20:05 AM - Unable
to contact server..

Error - 3/9/2013 11:20:20 AM | Computer Name = Joesphine-HP | Source = MCUpdate | ID = 0
Description = 1:20:10 AM - Error connecting to the internet. 1:20:10 AM - Unable
to contact server..

Error - 3/14/2013 11:30:13 AM | Computer Name = Joesphine-HP | Source = MCUpdate | ID = 0
Description = 1:30:11 AM - Error connecting to the internet. 1:30:11 AM - Unable
to contact server..

Error - 3/14/2013 11:31:03 AM | Computer Name = Joesphine-HP | Source = MCUpdate | ID = 0
Description = 1:30:42 AM - Error connecting to the internet. 1:30:42 AM - Unable
to contact server..

[ System Events ]
Error - 3/14/2013 10:17:35 AM | Computer Name = Joesphine-HP | Source = Service Control Manager | ID = 7000
Description = The Symantec Network Security WFP Driver service failed to start due
to the following error: %%193

Error - 3/14/2013 10:19:17 AM | Computer Name = Joesphine-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the HPWMISVC service.

Error - 3/14/2013 10:20:13 AM | Computer Name = Joesphine-HP | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Microsoft
.NET Framework NGEN v4.0.30319_X86 service to connect.

Error - 3/14/2013 11:16:46 AM | Computer Name = Joesphine-HP | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:13:49 AM on ?15/?03/?2013 was unexpected.

Error - 3/14/2013 11:18:22 AM | Computer Name = Joesphine-HP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SymNetS

Error - 3/14/2013 11:18:22 AM | Computer Name = Joesphine-HP | Source = Service Control Manager | ID = 7000
Description = The Symantec Network Security WFP Driver service failed to start due
to the following error: %%193

Error - 3/14/2013 11:21:04 AM | Computer Name = Joesphine-HP | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Microsoft
.NET Framework NGEN v4.0.30319_X86 service to connect.

Error - 3/14/2013 11:24:41 AM | Computer Name = Joesphine-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 3/14/2013 11:24:57 AM | Computer Name = Joesphine-HP | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

Error - 3/14/2013 11:25:13 AM | Computer Name = Joesphine-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.


< End of report >
  • 0

#6
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi Joey23

Note: You have a backdoor infection.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. There is no way for us to know exactly what the malware has done to your machine to give itself access, nor how it may have damaged critical files. Additionally, it is quite possible that changes made to the system by the malware may impact negatively on your computer during the removal process. Many experts in the security community believe that once infected with this type of trojan, the best and safest course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

That being said, I can still help you clean out the malware as best as I can without going that route (though there is no guarantee that it will work right or be totally safe after disinfection), so if you decide that you don't want to do a format and reinstall of Windows, then please follow the instructions below:

Step 1: Run OTL fix.
Start OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Commands
    [createrestorepoint]
    
    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim....3-AAA66749ACB8}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylo...s=1&affID=17393
    IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...3-AAA66749ACB8}
    IE - HKU\S-1-5-21-2654745695-370069253-1796402766-1000\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylo...s=1&affID=17393
    IE - HKU\S-1-5-21-2654745695-370069253-1796402766-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...3-AAA66749ACB8}
    
    [2011/05/17 19:39:23 | 000,002,428 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    
    O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
    O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient_2.dll (Yontoo LLC)
    O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
    O3 - HKU\S-1-5-21-2654745695-370069253-1796402766-1000\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
    
    O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
    O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
    
    [2011/12/15 13:24:19 | 000,012,393 | ---- | C] () -- C:\Users\Joesphine\AppData\Local\Update.12.Bron.Tok.bin
    [2011/06/13 00:27:33 | 000,410,679 | ---- | C] () -- C:\Users\Joesphine\AppData\Local\NetMailTmp.bin
    
    :Files
    C:\$Recycle.Bin\S-1-5-18
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered.
  • Post the log it produces in your next reply.

Step 2: Run ComboFix.

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Step 3: Run adwCleaner.

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Once done it will ask to reboot, allow this
On reboot a log will be produced at C:\ADWCleaner[XX].txt please attach that

Things I need in your next reply:
  • OTL fix log
  • ComboFix log
  • adwCleaner log
  • How is your computer running now?

  • 0

#7
Joey23

    Member

  • Topic Starter
  • Member
  • 16 posts
I can't seem to find any anti-virus/spyware program in the system tray icon. Should I just start with Combofix?

Here's the Fix Log:

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_USERS\S-1-5-21-2654745695-370069253-1796402766-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}\ not found.
Registry key HKEY_USERS\S-1-5-21-2654745695-370069253-1796402766-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient_2.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ deleted successfully.
File C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_USERS\S-1-5-21-2654745695-370069253-1796402766-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
File C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SweetIM deleted successfully.
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Sweetpacks Communicator deleted successfully.
C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe moved successfully.
C:\Users\Joesphine\AppData\Local\Update.12.Bron.Tok.bin moved successfully.
C:\Users\Joesphine\AppData\Local\NetMailTmp.bin moved successfully.
========== FILES ==========
C:\$Recycle.Bin\S-1-5-18\$e7a948736f3cf202f60f7e9951674924\U folder moved successfully.
C:\$Recycle.Bin\S-1-5-18\$e7a948736f3cf202f60f7e9951674924\L folder moved successfully.
C:\$Recycle.Bin\S-1-5-18\$e7a948736f3cf202f60f7e9951674924 folder moved successfully.
C:\$Recycle.Bin\S-1-5-18 folder moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 03152013_235031
  • 0
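
Added example (not part of the original posts, and not OTL's own code): a small Python triage of a fix log in the format posted above, separating items that were acted on from "not found" items that need a second look. It assumes the line shapes visible in that log and treats a "not found" that follows a successful move or delete of the same target as a repeat reference; `SAMPLE_LOG` is constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the format of the fix log above. The "could not be
# moved" line is made up to exercise the fallback for unrecognized lines.
SAMPLE_LOG = r"""
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll moved successfully.
File C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
C:\Users\Example\AppData\Local\example.bin could not be moved
========== FILES ==========
C:\$Recycle.Bin\S-1-5-18 folder moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 03152013_235031
"""

HEADER = re.compile(r"^=+ (?P<name>.+?) =+$")

# Line shapes seen in the posted log, most specific first.
PATTERNS = [
    ("registry key", re.compile(
        r"^Registry key (?P<target>.+?)\\? (?P<outcome>deleted successfully|not found)\.$")),
    ("registry value", re.compile(
        r"^Registry value (?P<target>.+?) (?P<outcome>deleted successfully|not found)\.$")),
    ("file", re.compile(r"^File (?P<target>.+?) (?P<outcome>not found)\.$")),
    ("registry value", re.compile(
        r"^(?P<target>.+?)\| /E : (?P<outcome>value set successfully)!$")),
    ("folder", re.compile(r"^(?P<target>.+?) folder (?P<outcome>moved successfully)\.$")),
    ("file", re.compile(r"^(?P<target>.+?) (?P<outcome>moved successfully)\.$")),
]

DONE = {"deleted successfully", "moved successfully", "value set successfully", "set"}


def parse_fix_log(text):
    """Turn fix-log text into a list of entry dicts, keeping unknown lines."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("OTL by OldTimer"):
            continue  # blank line or version footer
        header = HEADER.match(line)
        if header:
            section = header.group("name")
            continue
        if line.startswith("Restore point Set:"):
            entries.append({"section": section, "kind": "restore point",
                            "target": line.split(":", 1)[1].strip(), "outcome": "set"})
            continue
        for kind, pattern in PATTERNS:
            match = pattern.match(line)
            if match:
                entries.append({"section": section, "kind": kind,
                                "target": match.group("target"),
                                "outcome": match.group("outcome")})
                break
        else:
            # Never drop a line silently: an unknown shape may be a failure.
            entries.append({"section": section, "kind": "unknown",
                            "target": line, "outcome": "unrecognized"})
    return entries


def triage(entries):
    """Attach a verdict: done, repeat, absent or review."""
    handled, rows = set(), []
    for entry in entries:
        key = entry["target"].casefold()  # Windows paths are case-insensitive
        if entry["outcome"] in DONE:
            handled.add(key)
            verdict = "done"
        elif entry["outcome"] == "not found":
            # Assumption: same target already moved/deleted in this run.
            verdict = "repeat" if key in handled else "absent"
        else:
            verdict = "review"
        rows.append({**entry, "verdict": verdict})
    return rows


def summarize(rows):
    """Count entries per verdict."""
    return dict(Counter(row["verdict"] for row in rows))


def needs_review(rows):
    """Entries a helper should look at by hand."""
    return [row for row in rows if row["verdict"] in ("absent", "review")]


if __name__ == "__main__":
    rows = triage(parse_fix_log(SAMPLE_LOG))
    print(summarize(rows))
    for row in needs_review(rows):
        print(row["verdict"], "|", row["kind"], "|", row["target"])
```

An "absent" verdict only means the log never shows the item being handled; whether it was already gone or sits under a different path is for the reviewer to decide.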

#8
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Go ahead and run ComboFix. Don't worry about disabling the anti-virus.
  • 0

#9
Joey23

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
I accidentally did three re-runs on Combofix (read the 'notes' after I did them and the third, my laptop was low batt)
Combo Log:

ComboFix 13-03-16.01 - Joesphine 16/03/2013 16:52:12.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.1910.608 [GMT 10:00]
Running from: c:\users\Joesphine\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\JOESPH~1\AppData\Local\Temp\libsqlitejdbc-7193554441468242085.lib
c:\users\JOESPH~1\AppData\Local\Temp\swt-gdip-win32-3448.dll
c:\users\JOESPH~1\AppData\Local\Temp\swt-win32-3448.dll
c:\users\JOESPH~1\AppData\Local\Temp\WindowsAPI.dll9103392504186153575.lib
c:\users\JOESPH~1\AppData\Local\Temp\WindowsFolderWatcher.dll3451020709503792876.lib
c:\users\JOESPH~1\AppData\Local\Temp\WindowsZFSJNI.dll217557964938907033.lib
c:\users\Joesphine\AppData\Local\Kosong.Bron.Tok.txt
c:\users\Joesphine\AppData\Local\Temp\libsqlitejdbc-7193554441468242085.lib
c:\users\Joesphine\AppData\Local\Temp\swt-gdip-win32-3448.dll
c:\users\Joesphine\AppData\Local\Temp\swt-win32-3448.dll
c:\users\Joesphine\AppData\Local\Temp\WindowsAPI.dll9103392504186153575.lib
c:\users\Joesphine\AppData\Local\Temp\WindowsFolderWatcher.dll3451020709503792876.lib
c:\users\Joesphine\AppData\Local\Temp\WindowsZFSJNI.dll217557964938907033.lib
c:\users\Joesphine\Documents\~WRL0089.tmp
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-02-16 to 2013-03-16 )))))))))))))))))))))))))))))))
.
.
2013-03-16 07:35 . 2013-03-16 07:35 0 ----a-w- c:\windows\SysWow64\shoF7D6.tmp
2013-03-16 07:30 . 2013-03-16 07:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-16 07:30 . 2013-03-16 07:30 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-03-16 07:30 . 2013-03-16 07:30 -------- d-----w- c:\users\Account Two\AppData\Local\temp
2013-03-15 13:50 . 2013-03-15 13:50 -------- d-----w- C:\_OTL
2013-03-14 15:43 . 2013-02-12 14:02 19968 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-03-14 15:43 . 2013-02-12 14:02 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-14 14:39 . 2013-03-14 14:39 -------- d-----w- c:\program files\Microsoft Silverlight
2013-03-14 14:39 . 2013-03-14 14:39 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-03-14 14:19 . 2013-03-14 14:19 -------- d-----w- c:\users\Joesphine\AppData\Local\AVG Secure Search
2013-03-14 12:38 . 2013-03-14 12:38 -------- d-----w- c:\users\Joesphine\AppData\Roaming\Malwarebytes
2013-03-14 12:38 . 2013-03-14 12:38 -------- d-----w- c:\programdata\Malwarebytes
2013-03-14 12:38 . 2013-03-14 12:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-14 12:38 . 2012-12-14 06:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-14 12:37 . 2013-03-14 12:37 -------- d-----w- c:\users\Joesphine\AppData\Local\Programs
2013-03-14 12:25 . 2013-03-14 12:25 39768 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-03-14 12:25 . 2013-03-14 12:25 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2013-03-14 12:25 . 2013-03-14 12:25 -------- d-----w- c:\program files (x86)\AVG Secure Search
2013-03-11 10:59 . 2013-03-11 10:59 -------- d-----w- c:\users\Joesphine\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2013-03-11 10:58 . 2013-03-11 10:58 -------- d-----w- c:\program files (x86)\Adobe Download Assistant
2013-03-11 10:58 . 2013-03-11 10:58 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2013-03-11 09:00 . 2013-03-11 09:07 -------- d-----w- c:\programdata\2E181BC3DFC454A500002E17EDB45D10
2013-03-09 04:15 . 2013-03-09 04:15 -------- d-----w- c:\programdata\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2013-02-18 09:40 . 2013-01-04 03:22 3150848 ----a-w- c:\windows\system32\win32k.sys
2013-02-18 09:29 . 2013-01-04 05:27 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-02-16 08:46 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-16 08:46 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-15 11:30 . 2011-03-24 12:36 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2013-03-15 11:29 . 2011-03-24 12:36 336208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-03-14 14:48 . 2011-05-11 14:17 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-03-11 08:57 . 2011-04-02 06:54 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2013-03-11 08:57 . 2011-04-02 06:54 336208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-02-08 00:28 . 2013-03-16 07:24 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D8B7F882-622B-46D3-BC83-32DB2D730335}\mpengine.dll
2013-02-08 00:28 . 2013-03-14 15:07 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-30 10:53 . 2011-09-02 07:08 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-20 05:59 . 2013-01-20 05:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 05:59 . 2012-03-20 10:44 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-04 04:43 . 2013-02-18 09:30 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-28 15:21 . 2012-12-28 15:21 0 ----a-w- c:\windows\SysWow64\sho8905.tmp
2012-12-16 16:52 . 2012-12-31 07:03 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:40 . 2012-12-31 07:03 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:25 . 2012-12-31 07:03 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:25 . 2012-12-31 07:03 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-03-14 12:25 1929392 ----a-w- c:\program files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 12:44 1400712 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll" [2013-03-14 1929392]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-08-16 2736128]
"ZumoDrive"="c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2011-04-02 2080]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-02-18 890256]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-02-18 3373456]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"MobileConnect"="c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-07-03 2328576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"ZumoDrive"="c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2011-04-02 2080]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"Google Desktop Search"="c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [2011-04-11 30192]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-03-14 1151152]
.
c:\users\Joesphine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CVista Monitor.lnk - c:\program files (x86)\CVision\License\CVistaMonitor.exe [2012-5-14 776704]
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-9-29 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207000.00D\SYMNETS.SYS [2011-04-21 386168]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 CVCompressionService;CVISION PdfCompressor Watched Folder Service;c:\program files (x86)\CVision\PdfCompressor 5.0\Service\CVCompressionService.exe [2012-05-13 582656]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2010-12-30 82112]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-06-29 132608]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-04-11 30192]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-06-29 116096]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2010-12-02 171008]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-05-07 245792]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-01-03 157160]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-01-03 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-01-03 177128]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-01-03 145384]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2010-12-30 202560]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-18 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS [2011-01-27 450680]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS [2011-03-15 912504]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-03-14 39768]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110430.001\BHDrvx64.sys [2011-04-15 1127032]
S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs64.sys [2010-11-09 191960]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110513.001\IDSvia64.sys [2011-03-14 476792]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS [2011-01-27 171128]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe [2011-04-17 130008]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 PdfCompressorFtpService;CVISION PdfCompressor Communication Service;c:\program files (x86)\CVision\PdfCompressor 5.0\ftpsvc.exe [2012-05-13 162816]
S2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-09-30 508776]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-07-03 9216]
S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-03-14 968880]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-09-29 31088]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2011-04-02 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-03-05 271872]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-11-04 1041760]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-23 347680]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-09-30 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-09-30 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-09-30 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-09-30 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-09-30 219496]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-08-16 21:43 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-16 06:45 1629648 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-11 12:32]
.
2013-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-11 12:32]
.
2013-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2654745695-370069253-1796402766-1000Core.job
- c:\users\Joesphine\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-12 10:38]
.
2013-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2654745695-370069253-1796402766-1000UA.job
- c:\users\Joesphine\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-12 10:38]
.
2013-02-16 c:\windows\Tasks\HPCeeScheduleForJOESPHINE-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2013-03-10 c:\windows\Tasks\HPCeeScheduleForJoesphine.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-09-22 6489704]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://suscopts.org/
uLocal Page = c:\windows\system32\blank.htm
mStart Page =
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant =
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.42.129
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} - hxxp://www.digitalwebbooks.com/reader/dbplugin.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-MSC - c:\program files\Microsoft Security Client\mssecex.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2654745695-370069253-1796402766-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**¥*f%\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Completion time: 2013-03-16 17:55:25 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-16 07:55
.
Pre-Run: 349,217,218,560 bytes free
Post-Run: 352,511,799,296 bytes free
.
- - End Of File - - B050C486C3F7C3AB6DA8685504B9B9BC

adwcleaner log:

# AdwCleaner v2.114 - Logfile created 03/16/2013 at 17:57:11
# Updated 05/03/2013 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Joesphine - JOESPHINE-HP
# Boot Mode : Normal
# Running from : C:\Users\Joesphine\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\SweetIM
Folder Deleted : C:\Program Files (x86)\Yontoo Layers Runtime
Folder Deleted : C:\ProgramData\SweetIM
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Joesphine\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Joesphine\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Folder Deleted : C:\Users\Joesphine\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Joesphine\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Joesphine\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Joesphine\AppData\LocalLow\SweetIM
Folder Deleted : C:\Windows\Installer\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Folder Deleted : C:\Windows\Installer\{FB697452-8CA4-46B4-98B1-165C922A2EF3}

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Joesphine\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [14889 octets] - [16/03/2013 17:57:11]

########## EOF - C:\AdwCleaner[S1].txt - [14950 octets] ##########






My laptop is running well. Faster than usual :), without any delays so far. I can open files with ease.

#10
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi Joey23,

You had a worm on your computer, so please avoid using any USB drives until we can clean them. We will do this in our next post, after I make sure your computer is clean.

You also have two anti-viruses running on your computer: Norton and Microsoft Security Essentials. Having more than one can cause problems with your PC. Please let me know which one you would like to keep.

Step 1: Run MBAM.

  • Please open Malwarebytes and make sure that its definitions are updated.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2: Run online scan.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Step 3: Run aswMBR.

Download aswMBR.exe to your desktop.
Double click aswMBR.exe to run it, then click the "Scan" button to start the scan.

On completion of the scan, click save log, save it to your desktop and post it in your next reply.

Step 4: Run SecurityCheck

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Things I need in your next reply:
  • MBAM log
  • ESET log
  • aswMBR log
  • Is the computer still behaving?



#11
Joey23

    Member

  • Topic Starter
  • 16 posts
Hello,

I would like to keep Microsoft Security Essentials.


MBAM log:

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.17.05

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Joesphine :: JOESPHINE-HP [administrator]

Protection: Enabled

17/03/2013 7:22:21 PM
mbam-log-2013-03-17 (19-22-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 261931
Time elapsed: 17 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




ESET log:

C:\Program Files\QuickMediaConverter\AskInstallChecker-1.5.0.0.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files\QuickMediaConverter\askToolbarInstaller-1.9.1.0.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Joesphine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\316H7U8Q\quotes-graphicsgod-quotes[1].htm HTML/ScrInject.B.Gen virus
C:\Users\Joesphine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\36370797-557129b6 Java/Exploit.CVE-2012-0507.BR trojan
C:\Users\Joesphine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\7db6e8a2-70a763bc Java/Exploit.CVE-2012-0507.BR trojan
C:\Users\Joesphine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\1449f3bd-4adfb822 Java/Exploit.CVE-2012-0507.BR trojan
C:\Users\Joesphine\Desktop\Uni\Griffith University, Nursing\Semester 1 2012\BundleSweetIMSetup.exe a variant of Win32/SweetIM.C application
C:\Users\Joesphine\Downloads\Install-Hd-4-5-0-0 (1).zip a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Joesphine\Downloads\Install-Hd-4-5-0-0.zip a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Joesphine\Downloads\SoftonicDownloader_for_photoscape-portable.exe a variant of Win32/SoftonicDownloader.E application
C:\Users\Joesphine\Downloads\WinZip170.exe a variant of Win32/OpenInstall application




aswMBR log:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-03-18 14:23:47
-----------------------------
14:23:47.275 OS Version: Windows x64 6.1.7600
14:23:47.275 Number of processors: 4 586 0x2505
14:23:47.276 ComputerName: JOESPHINE-HP UserName: Joesphine
14:23:52.814 Initialize success
14:24:16.363 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:24:16.368 Disk 0 Vendor: WDC_WD50 02.0 Size: 476940MB BusType: 3
14:24:16.392 Disk 0 MBR read successfully
14:24:16.395 Disk 0 MBR scan
14:24:16.400 Disk 0 unknown MBR code
14:24:16.414 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
14:24:16.428 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 458763 MB offset 409600
14:24:16.457 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17873 MB offset 939956224
14:24:16.481 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
14:24:16.524 Disk 0 scanning C:\Windows\system32\drivers
14:24:27.943 Service scanning
14:25:25.147 Modules scanning
14:25:25.164 Disk 0 trace - called modules:
14:25:25.200 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
14:25:25.538 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80027ab790]
14:25:25.548 3 CLASSPNP.SYS[fffff88001d9243f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002532050]
14:25:25.558 Scan finished successfully
14:43:34.057 Disk 0 MBR has been saved successfully to "C:\Users\Joesphine\Desktop\MBR.dat"
14:43:34.063 The log file has been saved successfully to "C:\Users\Joesphine\Desktop\aswMBR.txt"











Checkup Log:


Results of screen317's Security Check version 0.99.61
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Norton Internet Security
(On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Java™ 6 Update 24
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 25.0.1364.152
Google Chrome 25.0.1364.172
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Microsoft Security Essentials MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Symantec Norton Online Backup NOBuAgent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 27% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````







Also, the laptop is still going great :)
  • 0
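A triage sketch for the ESET and Security Check logs in the post above, added here as an example (it is not part of the thread and not code from ESET or the helpers). It splits each ESET line into path, detection name and type, then groups the findings; it assumes ESET's "application" type marks bundled or potentially unwanted software, and the function names and follow-up labels are hypothetical.

```python
import re

# Subset of the ESET log lines posted above, copied verbatim.
ESET_LOG = r"""
C:\Program Files\QuickMediaConverter\AskInstallChecker-1.5.0.0.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Joesphine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\316H7U8Q\quotes-graphicsgod-quotes[1].htm HTML/ScrInject.B.Gen virus
C:\Users\Joesphine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\36370797-557129b6 Java/Exploit.CVE-2012-0507.BR trojan
C:\Users\Joesphine\Desktop\Uni\Griffith University, Nursing\Semester 1 2012\BundleSweetIMSetup.exe a variant of Win32/SweetIM.C application
C:\Users\Joesphine\Downloads\Install-Hd-4-5-0-0 (1).zip a variant of Win32/Bundled.Toolbar.Ask application
"""

# Two lines from the Security Check log in the same post.
CHECKUP_LOG = """
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
"""

# Layout: <path> [a variant of] <Platform/Detection.Name> <type>
# Windows paths use backslashes, so the first token shaped like "Word/..."
# marks the start of the detection name even when the path contains spaces.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<variant>a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/\S+)\s+"
    r"(?P<kind>[A-Za-z]+)$"
)
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

# Substrings (lower-case) that tell us what kind of location a hit sits in.
LOCATION_MARKERS = [
    ("\\sun\\java\\deployment\\cache\\", "java-cache"),
    ("\\temporary internet files\\", "browser-cache"),
    ("\\downloads\\", "download"),
]


def locate(path):
    """Label a path by where it lives; anything unrecognised is 'other'."""
    lowered = path.lower()
    for marker, label in LOCATION_MARKERS:
        if marker in lowered:
            return label
    return "other"


def parse_eset_log(text):
    """Return (hits, skipped): parsed detections and lines that did not parse."""
    hits, skipped = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            skipped.append(line)  # keep for manual review instead of dropping
            continue
        cve = CVE_RE.search(m.group("name"))
        hits.append({
            "path": m.group("path"),
            "name": m.group("name"),
            "variant": bool(m.group("variant")),
            "kind": m.group("kind").lower(),
            "where": locate(m.group("path")),
            "cve": cve.group(0) if cve else None,
        })
    return hits, skipped


def triage(eset_text, checkup_text):
    """Group detections and derive follow-up items from both logs."""
    hits, skipped = parse_eset_log(eset_text)
    report = {
        "pua": [h for h in hits if h["kind"] == "application"],
        "malware": [h for h in hits if h["kind"] != "application"],
        "cves": sorted({h["cve"] for h in hits if h["cve"]}),
        "skipped": skipped,
        "follow_up": [],
    }
    # An exploit sample in the Java cache plus an outdated runtime means the
    # cached file is a symptom; the outdated Java is what needs fixing.
    java_exploit = any(h["where"] == "java-cache" and h["cve"] for h in hits)
    if java_exploit and "java version out of date" in checkup_text.lower():
        report["follow_up"].append("update Java, then clear the Java cache")
    if any(h["where"] == "browser-cache" for h in report["malware"]):
        report["follow_up"].append("clear the browser cache")
    if any(h["where"] in ("download", "other") for h in report["pua"]):
        report["follow_up"].append("delete bundled installers left on disk")
    return report


if __name__ == "__main__":
    result = triage(ESET_LOG, CHECKUP_LOG)
    print(len(result["malware"]), "malware,", len(result["pua"]), "PUA")
    print(result["cves"], result["follow_up"])
```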

#12
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi Joey23,

Let's continue to clean up. We'll get rid of the last few remnants, remove Norton, and clean your USB drives.

Step 1: Run OTL fix.

Please be aware that this fix will delete your temporary files. If the virus has "hidden" any of your files, please do not run the fix, but stop and let me know.

Start OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Commands
    [createrestorepoint]
    
    :Files
    c:\windows\SysWow64\shoF7D6.tmp
    c:\windows\SysWow64\sho8905.tmp
    C:\Users\Joesphine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\316H7U8Q\quotes-graphicsgod-quotes[1].htm 
    C:\Users\Joesphine\Desktop\Uni\Griffith University, Nursing\Semester 1 2012\BundleSweetIMSetup.exe
    C:\Users\Joesphine\Downloads\SoftonicDownloader_for_photoscape-portable.exe
    C:\Users\Joesphine\Downloads\WinZip170.exe
    
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered.
  • Post the log it produces in your next reply. The log should be saved in C:\_OTL\MovedFiles and should be named with numbers describing the date and time it was run.

Step 2: Uninstall Norton.

Please open your control panel and open the "Programs and Features" page. From there, please uninstall Norton Internet Security (NIS). Then, please download the Norton Removal Tool and run it to remove any remnants.

Now, we need to make sure MSE is not corrupt. Please download and run the Fix MSE tool. Let me know how it goes.

Step 3: Submit file to VirusTotal.

Please go to VirusTotal and upload the file named MBR.dat on your desktop for scanning. Please send me a link to the results page.

Step 4: Clean USB drives.

We need to clean and protect your USB drives that may have been infected.

  • Download McShield to your desktop and install.
  • It will initially run a scan and show the results in a banner that will pop up near your clock (bottom right of screen).
  • When the initial scan is finished, open up the program, select the Scanner tab and tick unhide items on flash drives.
  • Now insert any USB drives that have been connected to this computer since it got infected. The program will scan each drive as it is plugged in. Allow it to finish for each drive that you have.
  • Then get the log which will be located here :
    Start > all programs > MCShield > logs > all scans
    And post it for me.

Things I need in your next reply:
  • OTL fix log
  • Did Norton uninstall ok?
  • VirusTotal link
  • McShield log
  • Any problems?


#13
Joey23

    Member

  • Topic Starter
  • 16 posts
OTL log:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
c:\windows\SysWow64\shoF7D6.tmp moved successfully.
c:\windows\SysWow64\sho8905.tmp moved successfully.
C:\Users\Joesphine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\316H7U8Q\quotes-graphicsgod-quotes[1].htm moved successfully.
C:\Users\Joesphine\Desktop\Uni\Griffith University, Nursing\Semester 1 2012\BundleSweetIMSetup.exe moved successfully.
C:\Users\Joesphine\Downloads\SoftonicDownloader_for_photoscape-portable.exe moved successfully.
C:\Users\Joesphine\Downloads\WinZip170.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Account Two
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57616 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 1212111 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Joesphine
->Temp folder emptied: 20638974 bytes
->Temporary Internet Files folder emptied: 1572455000 bytes
->Java cache emptied: 11487497 bytes
->Google Chrome cache emptied: 1931997 bytes
->Flash cache emptied: 156870 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 105786 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 51349 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,534.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03192013_193026

Files\Folders moved on Reboot...
C:\Users\Joesphine\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Joesphine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\R44PJHNB\AjaxHistoryFrame[1].htm moved successfully.
C:\Users\Joesphine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\R44PJHNB\RteFrameResources[1].htm moved successfully.
File\Folder C:\Users\Joesphine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MT06ECBD\flextag[1].htm not found!
C:\Users\Joesphine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MT06ECBD\GFXHasherAjaxIFrame_e8u3OtQonFhEjc0Yi_3RCA2[1].htm moved successfully.
File\Folder C:\Users\Joesphine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MT06ECBD\GFXHasherVerification[1].htm not found!
C:\Users\Joesphine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MT06ECBD\search[1].htm moved successfully.
C:\Users\Joesphine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MT06ECBD\xmlProxy[1].htm moved successfully.
C:\Users\Joesphine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JF5GH3JL\xmlProxy[1].htm moved successfully.
File\Folder C:\Users\Joesphine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\F7N6S9JQ\AttachmentUploader[1].htm not found!
File\Folder C:\Users\Joesphine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\F7N6S9JQ\default[1].htm not found!
C:\Users\Joesphine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Joesphine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Joesphine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...







Step 2:
The uninstallation of Norton was successful. No troubles.

I tried to run the Fix MSC file, but it pops up with a screen saying 'Microsoft Security Essentials is not found on the system'.



Step 3:
The VirusTotal link: https://www.virustot...1dafb/analysis/



Step 4:
I haven't connected any USB drives since my laptop got infected. The only type of USB port I connected was the one to my mobile phone to connect to the internet and transfer files to and from my mobile. Should I scan it?


And nope, no problems so far :)

Edited by Joey23, 19 March 2013 - 04:42 AM.


#14
Joey23

    Member

  • Topic Starter
  • 16 posts
Also, thank you for your persistent assistance. I appreciate it immensely.

#15
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi Joey23,

We're getting closer.

Step 1: Microsoft Security Essentials appears to be corrupted on your machine so we need to uninstall and reinstall it. Please avoid browsing the internet until you perform this step. First, go to the Control Panel again and uninstall "Microsoft Security Essentials." It might also be called "Microsoft Security Client." Now, please download the installer and reinstall MSE. Let me know if it all goes well.

Step 2: Upload to VirusTotal.

I think you made a mistake in scanning MBR.dat. The link you sent me is 7 months old. Sometimes when you upload a file, it tells you that the file has already been scanned before. When you see this, you need to select the button to tell it to scan the file again anyways. Please try again and send me the new link.

Step 3: Run McShield.

"I haven't connected any USB drives since my laptop got infected. The only type of USB port I connected was the one to my mobile phone to connect to the internet and transfer files to and from my mobile. Should I scan it?"


If you can store files on the phone, it would be a good idea to install the program first, then let it scan the phone.

Let me know how all this goes, then we can go on to making sure your computer is updated and secure.