Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

PUP.Optional.DealPly.A ? ? [Solved]

Started by coro71 , Jan 20 2014 04:42 PM

  • This topic is locked This topic is locked

#1
coro71
Posted 20 January 2014 - 04:42 PM

coro71

    Member

  • Member
  • PipPip
  • 23 posts
Hello!

Days ago I noticed my search engine was hijacked.. ran Malwarebytes and found 300+ items infected... well, during the past day i've run also adwcleaner and JRT and it seems my pc is clean But im not sure as the performance of this computer has decreased a lot.. could you please check if im ok? below is the otl log.

Thanks!

OTL logfile created on: 1/20/2014 16:15:48 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 58.03% Memory free
3.85 Gb Paging File | 3.19 Gb Available in Paging File | 82.90% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 221.12 Gb Total Space | 117.80 Gb Free Space | 53.27% Space Free | Partition Type: NTFS
Drive D: | 11.74 Gb Total Space | 4.89 Gb Free Space | 41.66% Space Free | Partition Type: FAT32
Drive G: | 149.05 Gb Total Space | 119.19 Gb Free Space | 79.96% Space Free | Partition Type: NTFS

Computer Name: PODEROSA | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/20 04:16:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
PRC - [2014/01/18 19:32:29 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/01/18 07:28:52 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/10/23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/04/22 09:05:32 | 000,720,064 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/30 08:08:11 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
PRC - [2013/03/06 01:21:52 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2009/12/18 10:25:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/12/17 17:14:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java613\bin\jqs.exe
PRC - [2009/12/05 12:36:42 | 000,045,056 | ---- | M] (Intuit) -- c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/08/12 17:20:28 | 000,615,720 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2009/03/25 12:48:56 | 001,503,290 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
PRC - [2008/06/27 15:24:34 | 000,467,028 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/08/02 19:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/02 19:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2004/02/25 17:06:20 | 000,212,992 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2004/02/25 16:39:48 | 000,176,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe
PRC - [2004/02/25 16:15:50 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2002/07/02 17:56:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE


========== Modules (No Company Name) ==========

MOD - [2014/01/18 20:11:24 | 016,287,624 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll
MOD - [2014/01/18 19:31:56 | 003,559,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/10/25 15:11:15 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\cf3c9d1496acdcb836853e59fe20223b\System.Management.ni.dll
MOD - [2013/10/25 15:01:38 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15fd2d2f4e709154b44187a6915db244\System.ServiceProcess.ni.dll
MOD - [2013/10/25 15:01:36 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/08/12 06:57:16 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2013/03/06 01:21:52 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
MOD - [2013/01/02 01:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/31 11:55:54 | 000,051,716 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll
MOD - [2009/09/04 22:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2001/10/29 01:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfmonnt.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2014/01/18 20:11:30 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/18 19:32:28 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/09 00:10:32 | 030,798,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2013/03/06 01:21:52 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2009/12/18 10:25:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/12/17 17:14:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java613\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/12/05 12:36:42 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/08/12 17:20:28 | 000,615,720 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2009/07/23 20:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- c:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/06/27 15:24:34 | 000,467,028 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2008/02/27 10:54:52 | 000,360,547 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe -- (jswpsapi)
SRV - [2005/08/02 19:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wdcsam.sys -- (WDC_SAM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\rt2870.sys -- (rt2870)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\NSNDIS5.SYS -- (NSNDIS5)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\MTictwl.sys -- (NCPro)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\MTiCtwl.sys -- (MagicTune)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/08/12 17:07:02 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/01/14 01:23:00 | 000,458,752 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WN111v2.sys -- (WN111v2)
DRV - [2008/10/01 15:45:52 | 000,057,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
DRV - [2008/05/13 18:08:04 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/01/22 16:38:03 | 002,845,696 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/12/14 03:31:00 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/11/14 03:26:34 | 000,009,728 | R--- | M] (Samsung Electronics, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\magicpvt.sys -- (magicpvt)
DRV - [2005/03/09 16:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/03/04 13:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/08/04 08:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2004/08/04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004/02/13 23:09:20 | 000,244,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CamDrL21.sys -- (PhilCam8116)
DRV - [2003/07/24 11:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
DRV - [2002/07/24 13:52:26 | 000,998,004 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2002/07/19 10:48:32 | 000,156,604 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2002/07/19 10:48:22 | 000,213,860 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2002/07/19 10:48:08 | 000,011,068 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2002/07/19 10:48:04 | 000,195,432 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2002/07/19 10:47:52 | 000,837,548 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2002/07/19 10:46:28 | 000,127,948 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2001/08/17 15:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman)
DRV - [2001/08/17 15:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1)
DRV - [2001/08/17 15:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k)
DRV - [2001/08/17 15:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [1999/12/17 01:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.7.3
FF - prefs.js..extensions.enabledAddons: %7B0545b830-f0aa-4d7e-8820-50a4629a56fe%7D:21.9
FF - prefs.js..extensions.enabledAddons: %7BCE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B%7D:4.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.12.0.36949
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.6.2009110501
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.2
FF - prefs.js..browser.startup.homepage: "about:home"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010/08/14 20:34:18 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java613\lib\deploy\jqs\ff [2009/03/29 17:21:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/03/30 08:11:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/03/30 08:11:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/01/18 19:31:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/01/18 21:30:03 | 000,000,000 | ---D | M]

[2009/03/29 06:50:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2009/03/24 20:09:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions\[email protected]
[2014/01/18 19:59:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9rr4eh38.default\extensions
[2014/01/18 19:46:53 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9rr4eh38.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/01/25 22:03:05 | 000,000,000 | ---D | M] ("Split Browser") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9rr4eh38.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2010/02/01 13:04:16 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9rr4eh38.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/04/02 19:01:53 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9rr4eh38.default\extensions\[email protected]
[2013/10/29 21:16:26 | 000,348,260 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9rr4eh38.default\extensions\[email protected]
[2014/01/18 19:43:00 | 000,536,648 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9rr4eh38.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/04/15 11:09:14 | 000,221,336 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9rr4eh38.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2014/01/18 19:46:52 | 000,327,582 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9rr4eh38.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi
[2014/01/18 19:43:04 | 000,940,775 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9rr4eh38.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2010/08/14 20:45:04 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\9rr4eh38.default\searchplugins\bing.xml
[2014/01/18 19:31:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014/01/18 19:31:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/01/18 19:32:30 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/03/30 08:08:30 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll

O1 HOSTS File: ([2011/09/05 11:49:17 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll File not found
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java613\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java613\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files\NETGEAR\WN111v2\jswtrayutil.exe" File not found
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WINDVDPatch] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111v2\WN111V2.exe (NETGEAR)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgree...eensActivia.cab (Snapfish Activia)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://jpass.bankof...perSetupSP1.cab (JuniperSetupControlXP Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://jpass2.bnyme...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65E415FD-30C8-4F30-B446-213205601A5F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1981F4D-17A3-4E2A-9253-27159CB8DDC0}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/15 16:23:00 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 14:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 13:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{1195b71f-3728-11de-b633-0015f27add93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1195b71f-3728-11de-b633-0015f27add93}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{1195b71f-3728-11de-b633-0015f27add93}\Shell\phone\command - "" = H:\autorun.exe
O33 - MountPoints2\{7a682cc1-8637-11df-b84b-0024b2510fca}\Shell\AutoRun\command - "" = H:\.\EncryptionTool\MaxtorEncryption.exe
O33 - MountPoints2\{8dcbf880-e0f0-11dc-9887-806d6172696f}\Shell\AutoRun\command - "" = H:\Info.exe folder.htt 480 480
O33 - MountPoints2\{ba9bfa3e-53e6-11da-9f04-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{ba9bfa3e-53e6-11da-9f04-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ba9bfa3e-53e6-11da-9f04-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
O33 - MountPoints2\{e70ac1a8-de8f-11de-b78d-0024b2510fca}\Shell - "" = AutoRun
O33 - MountPoints2\{e70ac1a8-de8f-11de-b78d-0024b2510fca}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e70ac1a8-de8f-11de-b78d-0024b2510fca}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/20 04:21:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/01/20 04:19:24 | 001,037,068 | ---- | C] (Thisisu) -- C:\Documents and Settings\HP_Administrator\Desktop\JRT.exe
[2014/01/20 04:16:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2014/01/18 20:46:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2014/01/18 19:55:39 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/18 19:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/01/18 07:37:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/03/02 08:57:31 | 001,062,984 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\HP_Administrator\gotomypc_540.exe
[2009/11/24 12:09:29 | 000,726,008 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\HP_Administrator\gotomypc_438.exe

========== Files - Modified Within 30 Days ==========

[2014/01/20 16:22:00 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2014/01/20 16:11:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/01/20 15:56:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2421650243-2385054442-1076176793-1008UA.job
[2014/01/20 15:38:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2014/01/20 15:34:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/20 13:15:30 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/01/20 13:14:23 | 000,000,189 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2014/01/20 13:10:19 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2421650243-2385054442-1076176793-1008.job
[2014/01/20 13:09:53 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2421650243-2385054442-1076176793-1008.job
[2014/01/20 13:09:48 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2421650243-2385054442-1076176793-1008.job
[2014/01/20 13:06:33 | 003,375,184 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000009-00001102-00000002-80691102}.CDF
[2014/01/20 13:06:33 | 003,375,184 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000009-00001102-00000002-80691102}.BAK
[2014/01/20 13:04:49 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/20 13:04:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/20 13:04:15 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\magicpvt.dat
[2014/01/20 13:04:13 | 2145,964,032 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/20 12:59:53 | 000,000,032 | ---- | M] () -- C:\WINDOWS\System32\driver.dat
[2014/01/20 07:27:00 | 000,029,808 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000009-00001102-00000002-80691102}.rfx
[2014/01/20 07:27:00 | 000,029,808 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000009-00001102-00000002-80691102}.rfx
[2014/01/20 07:27:00 | 000,017,932 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000009-00001102-00000002-80691102}.rfx
[2014/01/20 07:27:00 | 000,017,932 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000009-00001102-00000002-80691102}.rfx
[2014/01/20 07:27:00 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2014/01/20 07:27:00 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2014/01/20 07:26:59 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000009-00001102-00000002-80691102}.dat
[2014/01/20 07:26:59 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000009-00001102-00000002-80691102}.dat
[2014/01/20 04:19:29 | 001,037,068 | ---- | M] (Thisisu) -- C:\Documents and Settings\HP_Administrator\Desktop\JRT.exe
[2014/01/20 04:16:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2014/01/20 03:55:37 | 000,381,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/01/19 08:56:02 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2421650243-2385054442-1076176793-1008Core.job
[2014/01/18 21:35:58 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/01/18 21:35:57 | 000,000,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2014/01/18 19:55:22 | 001,236,282 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\adwcleaner.exe
[2014/01/18 13:32:03 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2421650243-2385054442-1076176793-1008.job
[2014/01/18 11:34:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/01/18 10:22:37 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/18 07:37:21 | 000,001,926 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2014/01/17 08:55:22 | 000,821,020 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\birthcertificateluciana.jpg
[2014/01/17 08:43:20 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

========== Files Created - No Company Name ==========

[2014/01/20 04:49:10 | 000,000,300 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2421650243-2385054442-1076176793-1008.job
[2014/01/20 03:14:35 | 2145,964,032 | -HS- | C] () -- C:\hiberfil.sys
[2014/01/18 21:35:58 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/01/18 21:35:56 | 000,000,735 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2014/01/18 19:55:15 | 001,236,282 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\adwcleaner.exe
[2014/01/18 07:38:00 | 000,000,062 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WB.CFG
[2014/01/18 07:37:21 | 000,001,926 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2014/01/17 08:54:44 | 000,821,020 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\birthcertificateluciana.jpg
[2013/11/16 11:48:41 | 000,044,844 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\.recently-used.xbel
[2013/11/15 00:29:56 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfmonnt.dll
[2010/11/06 14:17:01 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\usb001
[2009/09/20 16:56:48 | 000,000,200 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
[2008/03/24 09:43:05 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\default.pls
[2008/03/22 12:48:18 | 002,265,137 | ---- | C] () -- C:\Program Files\ISDT_ATR425pack1.0.exe
[2008/02/25 17:01:34 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/02/23 19:59:21 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/21 21:56:35 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/05 18:29:06 | 035,181,450 | ---- | C] () -- C:\Program Files\yak42_V2.0.exe
[2007/03/15 22:15:17 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2004/04/27 03:57:04 | 000,000,360 | ---- | C] () -- C:\Program Files\avsim.diz

========== ZeroAccess Check ==========

[2005/08/31 06:58:26 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/07/06 19:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2008/12/11 21:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Earthsim
[2014/01/18 21:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2009/03/01 15:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2008/02/23 12:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010/07/05 21:55:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2009/09/19 18:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NETGEAR
[2010/07/06 20:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2013/11/15 00:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf-convert
[2013/02/20 19:25:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2008/08/24 01:15:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/07/05 21:49:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2010/07/19 17:55:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2013/02/20 18:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2008/08/24 02:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/01 10:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2009/03/16 18:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/05/01 15:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/26 13:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/08 18:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/07/17 11:25:33 | 000,000,000 | ---D | M](C:\Documents and Settings\HP_Administrator\Application Data\???????sAppData) -- C:\Documents and Settings\HP_Administrator\Application Data\敎潲䍄敔灭慬整sAppData
[2011/07/17 11:25:33 | 000,000,000 | ---D | M](C:\Documents and Settings\HP_Administrator\Application Data\???????sAppData) -- C:\Documents and Settings\HP_Administrator\Application Data\敎潲䍄敔灭慬整sAppData
(C:\Documents and Settings\HP_Administrator\Application Data\???????sAppData) -- C:\Documents and Settings\HP_Administrator\Application Data\敎潲䍄敔灭慬整sAppData

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\HP_Administrator\My Documents\VENTAS.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\HP_Administrator\My Documents\VEntas VS.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\HP_Administrator\My Documents\USCIS Vermont Service Center2.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\HP_Administrator\My Documents\Picture 3.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\HP_Administrator\My Documents\Lucía Alvear C- Midterm Report.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\HP_Administrator\My Documents\Los Casal-Alvear.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\HP_Administrator\My Documents\Jose_CoronelCV.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\HP_Administrator\My Documents\iTunes Diagnostics.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\HP_Administrator\My Documents\italia64733.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\HP_Administrator\My Documents\fotos.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\HP_Administrator\My Documents\BUSINESS Morning Edition Program 2.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\HP_Administrator\My Documents\ALVEAR JENNY 1.doc:Roxio EMC Stream
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3CF23EC3

< End of report >
  • 0

Advertisements

#2
coro71
Posted 20 January 2014 - 08:52 PM

coro71

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Hi again, microsoft essentials is picking up the following after thinking all is correct.. but clearly im not done yet / I added also the OTL extras

Thanks!



Category: Tool

Description: This program has potentially unwanted behavior.

Recommended action: Permit this detected item only if you trust the program or the software publisher.

Items:
containerfile:C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP912\A0183688.exe
file:C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP912\A0183688.exe->[lowcase_mzpe]









OTL Extras logfile created on: 1/20/2014 16:15:48 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 58.03% Memory free
3.85 Gb Paging File | 3.19 Gb Available in Paging File | 82.90% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 221.12 Gb Total Space | 117.80 Gb Free Space | 53.27% Space Free | Partition Type: NTFS
Drive D: | 11.74 Gb Total Space | 4.89 Gb Free Space | 41.66% Space Free | Partition Type: FAT32
Drive G: | 149.05 Gb Total Space | 119.19 Gb Free Space | 79.96% Space Free | Partition Type: NTFS

Computer Name: PODEROSA | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1"
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1"
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1"
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe:*:Enabled:Kaspersky Anti-Virus
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe" = C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe:*:Enabled:Microsoft Flight Simulator -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Program Files\DISC\DISCover.exe" = C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System
"C:\Program Files\DISC\DiscStreamHub.exe" = C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub
"C:\Program Files\DISC\myFTP.exe" = C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client
"C:\Program Files\MagicTune Premium\MagicTune.exe" = C:\Program Files\MagicTune Premium\MagicTune.exe:*:Enabled:MagicTune
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App -- (Microsoft Corporation)
"C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe:*:Enabled:QuickBooks 2010 Data Manager -- (Intuit, Inc.)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{0700E22B-A422-40A5-BD20-04BF618CA0F9}" = QuickBooks Pro 2010
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{10964A8F-21C1-45EA-BC2D-F84B505C3848}" = H&R Block Deluxe + Efile + State 2010
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1319A9A7-C690-285F-FB22-FC6172DF3DB9}" = ccc-core-static
"{16105864-23F0-6242-A1D7-06DCB32244B6}" = Catalyst Control Center Graphics Full New
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{190772CB-88C3-BC16-D9F4-29ED96EA070F}" = Catalyst Control Center Graphics Previews Common
"{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = WN111v2
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1EE88B84-7BE5-4FB5-8DEA-B81D5409D62E}" = Opera 11.00
"{20292BBB-C7D7-4526-9E38-42C4A5C2A3A6}" = H&R Block Deluxe + Efile 2009
"{2041A2A9-3641-402B-96F7-369103E927EB}" = Fly-Honduras
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{22944268-4375-294B-219A-08A9288142FC}" = CCC Help English
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{24557DC0-0839-496f-82F9-C4EB72EFE4FA}" = HP Deskjet All-In-One Software 8.0
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 18
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{382E94C0-6E22-44e4-B003-8EB31DFE296F}" = cp_LightScribeConfig
"{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3E386744-10FA-44b2-98C9-DF7A270DECB3}" = HP PSC & OfficeJet 5.3.A
"{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}" = Seagate Manager Installer
"{3FCAADB8-EB1B-11D6-AB2D-0090271A23A2}" = Sound Blaster Live! Web 2K/XP
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{466B21EE-2858-4845-B2B3-056FC544DAA3}" = Logitech QuickCam
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4847BBB9-EADD-4C92-90BF-4223B0892FF6}" = Microsoft Flight Simulator X Service Pack 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C9DC3EF-B9BA-B15E-5670-D6FA8762AEA8}" = Catalyst Control Center Graphics Full Existing
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{5179641A-DC14-3A2E-BD53-480D4136C368}" = Google Talk Plugin
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{657F8B33-CBBB-45F4-9087-274F22C89400}" = DJ_AIO_ProductContext
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6E3CEC6E-D5CD-32E7-110E-F34EB5004D26}" = Skins
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7330262C-0A1C-4B3B-ACFF-7EEC5BF65CCF}" = H&R Block Deluxe + Efile 2011
"{74669C8B-4D0A-4237-997F-3E1C92331F7D}" = PDFConverter Printer Driver
"{7501D933-23C3-400F-92C7-0FAD97819B48}" = Catalyst Control Center Core Implementation
"{7516254D-7F98-49DD-8209-5D2208BD1033}" = Nero 7 Ultra Edition
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{78E9A751-5616-233F-1249-16AC5758C646}" = muvee Reveal Seagate Edition
"{79207BEE-6CD3-483C-824C-944663BACAC4}" = TaxCut Premium + Efile 2008
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{7DDEABFB-0621-4321-B385-CB86D3A6F90F}" = F4100
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{89D20029-0578-4D8D-979A-695C8D868868}" = H&R Block Basic + Efile 2012
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{97F4D62E-5AEB-4649-BABF-4712C6EF6845}" = DeductionPro 2009
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9ECB4705-B9CB-405A-B6D4-33BDF707308E}" = DJ_AIO_Software
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A901BF63-29AD-49A3-B067-231925E98B62}_is1" = Version 1.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACE22C48-49D7-4531-BE20-5C3D03393AB6}" = F4100_Help
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Windows Live Sign-in Assistant
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B276997E-4367-4b1b-A39C-4CAE7464337A}" = AiO_Scan_CDA
"{B28759B8-5FC6-4F56-9C6C-6EDAD36455A9}" = Roxio Media Manager
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B5428E17-1886-4DBB-A148-DACBB60D7A3D}" = MagicRotation
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B60E7826-F117-4d26-8165-D2DC5A494AB0}" = Fax_CDA
"{B64E3AFC-59EF-4f18-BF11-E751462450D3}" = AiOSoftwareNPI
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C104580B-1C79-4d73-9BF0-CA0B184296A4}" = cp_LightScribePlugin
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C83A12B9-B31B-461A-BBD4-CE9B988094F1}" = HP Photosmart Cameras 5.0
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB0D4901-BF3B-4599-6148-642E17D748CF}" = ccc-utility
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5
"{CF8C077A-B467-4C43-8DB5-3A9B94FF9681}" = LightScribe System Software 1.12.29.2
"{D518592A-0F1E-40ca-BECB-3D3F026C6B0D}" = CameraDrivers
"{D563054D-307E-45B6-D349-1F5BFE0380A0}" = ccc-core-preinstall
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DC83F417-8068-4074-BA2F-C4F8AB872556}" = DJ_AIO_Software_min
"{DFB0FED6-0010-4E9B-A402-E513F2459161}" = muvee autoProducer unPlugged 1.2
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E343CA30-9714-FA47-1D4F-D874B82D2404}" = Catalyst Control Center Graphics Light
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E7137AFD-4E43-47A6-BDC7-533808F72B36}" = muvee autoProducer 4.5
"{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}" = RealDownloader
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FADBD613-F82B-4682-9B2B-05BA9FEF82F9}" = DIMM Formularios
"{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"84713BEB4A2EB4B0E2F1346FDEBFFE94DAB5225D" = Windows Driver Package - Palm (WinUSB) Palm Devices (11/30/2008 1.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Air Canada A330-343" = Air Canada A330-343
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AwayMode160" = Microsoft Away Mode
"Ben Gurion Airport 2006" = Ben Gurion Airport 2006
"BF-Quito 2005" = BF-Quito 2005
"BlackBerry_{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5
"DivX Setup.divx.com" = DivX Setup
"Emirates Airlines A330-200" = Emirates Airlines A330-200
"Flight Simulator 9.0" = Microsoft Flight Simulator 2004 A Century of Flight
"Fokker F28 v1.1 UPDATE_is1" = Fokker F28 v1.1 UPDATE
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"General Maunel Piar Puerto Ordaz" = General Maunel Piar Puerto Ordaz
"Gmax Mirage F1v2.5_is1" = Mirage F1v2.5
"Google Updater" = Google Updater
"GUAYAQUIL for FS2004" = GUAYAQUIL for FS2004
"GuayaquilFS9_is1" = Guayaquil FS9
"HP Document Viewer" = HP Document Viewer 5.3
"HP Image Zone for Media Center PC" = HP Image Zone for Media Center PC
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = RangeMax Wireless-N USB Adapter WN111v2
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}" = Seagate Manager Installer
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"IntelliMover Data Transfer Demo" = Remove IntelliMover Demo
"Juniper Network Connect 6.3.0" = Juniper Networks Network Connect 6.3.0
"Juniper Network Connect 6.4.0" = Juniper Networks Network Connect 6.4.0
"Juniper Network Connect 6.5.0" = Juniper Networks Network Connect 6.5.0
"LAS ISLAS GALÁPAGOS 2005 for FS2004" = LAS ISLAS GALÁPAGOS 2005 for FS2004
"LATAM Virtual Vol. 2 - Escenarios de PANAMA" = LATAM Virtual Vol. 2 - Escenarios de PANAMA
"Maiquetia 2004 " = Maiquetia 2004
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mirage 2000 N version Lisse LABORIE Roland" = Mirage 2000 N version Lisse LABORIE Roland
"Mozilla Firefox 26.0 (x86 en-GB)" = Mozilla Firefox 26.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Netscape Browser" = Netscape Browser (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"Pdf995" = Pdf995 (installed by H&R Block)
"PDFConverter Printer Driver_is1" = PDFConverter Printer Driver version 2.00
"PdfEdit995" = PdfEdit995 (installed by H&R Block)
"PFJ Fokker F28 v1 for FS2004_is1" = PFJ Fokker F28 v1
"PhotoFiltre" = PhotoFiltre
"Piarco Fs2004 By Jaime Ortega" = Piarco Fs2004 By Jaime Ortega
"Picasa 3" = Picasa 3
"Picasa2" = Picasa 2
"PS Panels 737NG Panel System_is1" = PS Panels 737NG Version 1.1
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"QcDrv" = Logitech® Camera Driver
"RealPlayer 16.0" = RealPlayer
"Scandinavian Airlines A330-300" = Scandinavian Airlines A330-300
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
"Tupolev Tu-95MS and Tu-142M" = Tupolev Tu-95MS and Tu-142M
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yakovlev Yak-42" = Yakovlev Yak-42

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Analog Clock" = Analog Clock
"Arequipa 2007" = Arequipa 2007
"British Airways A320" = British Airways A320
"Cuzco 2007" = Cuzco 2007
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Pisco 2007" = Pisco 2007
"Quito for FS9 (Update)" = Quito for FS9 (Update)
"Real Alcaraván 2011 FS2004" = Real Alcaraván 2011 FS2004
"Roatan FS2004" = Roatan FS2004
"Tacna 2007" = Tacna 2007

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/18/2014 20:34:38 | Computer Name = PODEROSA | Source = Microsoft Security Client | ID = 5000
Description =

Error - 1/18/2014 21:46:35 | Computer Name = PODEROSA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 1/18/2014 21:46:35 | Computer Name = PODEROSA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 1/18/2014 22:39:28 | Computer Name = PODEROSA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/18/2014 22:39:28 | Computer Name = PODEROSA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/18/2014 22:39:28 | Computer Name = PODEROSA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/18/2014 22:39:28 | Computer Name = PODEROSA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/18/2014 23:16:35 | Computer Name = PODEROSA | Source = Application Hang | ID = 1002
Description = Hanging application WN111V2.exe, version 2.0.0.13, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/20/2014 04:34:38 | Computer Name = PODEROSA | Source = Chrome | ID = 1
Description =

Error - 1/20/2014 05:21:13 | Computer Name = PODEROSA | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.4.304.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.

[ System Events ]
Error - 1/18/2014 08:29:22 | Computer Name = PODEROSA | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 1/18/2014 08:30:00 | Computer Name = PODEROSA | Source = Service Control Manager | ID = 7034
Description = The AdpeakProxy service terminated unexpectedly. It has done this
1 time(s).

Error - 1/18/2014 08:30:25 | Computer Name = PODEROSA | Source = Service Control Manager | ID = 7034
Description = The AdpeakProxy service terminated unexpectedly. It has done this
2 time(s).

Error - 1/18/2014 08:30:30 | Computer Name = PODEROSA | Source = DCOM | ID = 10010
Description = The server {B1A429DB-FB06-4645-B7C0-0CC405EAD3CD} did not register
with DCOM within the required timeout.

Error - 1/18/2014 10:23:32 | Computer Name = PODEROSA | Source = Service Control Manager | ID = 7023
Description = The HP CUE DeviceDiscovery Service service terminated with the following
error: %%126

Error - 1/18/2014 10:23:32 | Computer Name = PODEROSA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 1/18/2014 10:23:50 | Computer Name = PODEROSA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2 NCPro

Error - 1/18/2014 12:07:19 | Computer Name = PODEROSA | Source = Service Control Manager | ID = 7023
Description = The HP CUE DeviceDiscovery Service service terminated with the following
error: %%126

Error - 1/18/2014 12:07:19 | Computer Name = PODEROSA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 1/18/2014 12:07:35 | Computer Name = PODEROSA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2 NCPro


< End of report >
  • 0

#3
Dakeyras
Posted 21 January 2014 - 10:58 AM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Virus, Spyware, Malware Removal forum and wait for help.

Hi and welcome back to Geeks to Go. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Next:

Days ago I noticed my search engine was hijacked.. ran Malwarebytes and found 300+ items infected... well, during the past day i've run also adwcleaner and JRT and it seems my pc is clean But im not sure as the performance of this computer has decreased a lot.. could you please check if im ok? below is the otl log.

Your machine does indeed appear to be still infected, however before going any further and or anything of a proactive nature I would like to review all logs(if still available) please.

AdwCleaner Log:

This can be found within the following folder at the root of your machines hard-drive...

C: >> AdwCleaner >> AdwCleaner[S0].txt

Junkware Removal Tool:

Should be located on the desktop...

C:\Documents and Settings\HP_Administrator\Desktop\JRT.txt

Malwarebytes Anti-Malware:

Launch Malwarebytes' Anti-Malware >> click on the Logs radio tab.

Note: Post all requested logs separately if the need.

Next:

Regarding the below:-

Items:
containerfile:C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP912\A0183688.exe
file:C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP912\A0183688.exe->[lowcase_mzpe]

Merely denotes infected System Restore points and we can address those when I give the all clear.
  • 0

#4
coro71
Posted 21 January 2014 - 12:23 PM

coro71

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Thanks Dakeyras, as the computer infected is at home, i will post the info needed tonight

Regards,

Ricardo
  • 0

#5
Dakeyras
Posted 21 January 2014 - 02:11 PM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Acknowledged and you're welcome. :)
  • 0

#6
coro71
Posted 22 January 2014 - 11:42 AM

coro71

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Apologies, but before i got your first response I have set my pc to run a chskdsk and when I returned home it was still running! (not sure if C: drive will fail) . So i decided to let it finish, so i promise tonight to post what you have requested.

Thanks!

Ricardo
  • 0

#7
Dakeyras
Posted 22 January 2014 - 03:34 PM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Acknowledged. :)
  • 0

#8
coro71
Posted 22 January 2014 - 07:15 PM

coro71

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Ok,please see attached, thanks!

Attached Files


  • 0

#9
Dakeyras
Posted 23 January 2014 - 02:20 PM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi,

I have bad news I'm afraid. :(

One or more of the identified infections is a variant of the extremely severe Zero Access Rootkit plus undoubtedly other comprising malware!

OK since we are dealing with the aforementioned infection(s) I would be providing your good self with a disservice if I did not make you aware of the ramifications below:

This allows hackers to remotely control your computer, steal critical system information and Download and Execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Although an attempt could be made to clean this machine, it could never be considered to be truly clean, secure, or trustworthy. We could not say definitively that unknown and unseen malware will have been removed, nor will your system be restored to its pre-infection state. We cannot remedy unknown changes the malware may likely have made in order to allow itself access, nor can we repair the damage it may possibly have caused to vital system files. Additionally, it is quite possible that changes made to the system by the malware may impact negatively on your computer during the removal process. In short, your system may never regain its former stability or its full functionality without a reformat. Therefore, your best and safest course of action is a reformat and reinstallation of the Windows Operating System, and that is the course I strongly recommend.

Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Next:

I can attempt to clean this machine(anything I try may not be successful and the machine may loose internet connectivity) but I can't guarantee that it will be at all secure afterwards.

Should you have any questions, please feel free to ask.

Please let myself know what you have decided to do in your next post.
  • 0

#10
coro71
Posted 24 January 2014 - 06:50 PM

coro71

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Hi, thanks for everything, i have decided i will fornat the c drive. Question, i want to move my pictures from c to another hd in same computer, will those files be infecte? Do i nneed to erase all info from that other drive?

Regards

Ricardo
  • 0

#11
Dakeyras
Posted 25 January 2014 - 02:21 PM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

thanks for everything

You're welcome!

i have decided i will fornat the c drive

Fair play, if it was one of my own machines I would not hesitate to do so.

Question, i want to move my pictures from c to another hd in same computer, will those files be infecte? Do i nneed to erase all info from that other drive?

I am surmising you mean the drive designated G. Now if you are planning to move only pictures there is no evidence they are compromised so should be fine to do so. It would probably be prudent to format that drive also to err on the side of caution and anything you wish to save move to a form of removable storage media before doing so...

If you plan to use a USB Drive it would be a wise move to vaccinate that as follows first...

  • Please download Flash_Disinfector and save it to your desktop.
  • Double click to run it.
  • You will be prompted to plug in your flash drive. Plug it in.
  • Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime.
  • When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager.
  • Click on File > New Task (Run...). Type in explorer.exe and press Enter. Your desktop should now appear.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

Then before moving anything back again scan the USB drive with your security software first to err on the side of caution and drive G with the pictures on also before moving them back to the main drive.

With regard to the actual reformat and reinstallation of the Windows Operating System, are you planing to invoke/use what appears to be a Recovery Partition and or merely use a XP Installation CD to do so ? Plus would you care for some safety advice after the aforementioned reformat and reinstallation of the Windows Operating System ?
  • 0

#12
coro71
Posted 25 January 2014 - 04:07 PM

coro71

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Hi thanks again for the added info, im planning using the recovery disks i know it will take a lot time installing updates again, but someone has to do it!. Yrs sure whatever advise you can give is really appreciated!
  • 0

#13
Dakeyras
Posted 26 January 2014 - 09:26 AM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Since you plan to use Recovery Disks which is defacto a reformat and reinstallation of the Windows Operating System. Your machine basically once this has been done will back to as it was the first time your booted it up. Most new machines when shipped by the vendors tend to come with all kinds of dross pre-installed and if the Recovery Disks are used this may very well be the case...

So this application here is worth both downloading and running.

--------------

Install all critical updates and relevant service packs via Windows Update. For XP the latest is SP3.

I would also ensure Internet Explorer is up-to date also. For XP based machines it is IE8. Reason being even if you opt not to use IE as your main browser having a out of date version installed can leave any one machine vulnerable to malware.

The aforementioned should be available via Windows Update, if not can be downloaded from here.

Once the machine is updated and fully patched, I do advise visiting Windows Update periodically as Microsoft releases patches for Windows and other products regularly.

Plus check Automatic Updates is enabled.

--------------

Then install a Anti-Virus software solution, only ever have one of such installed and active in system memory at any one time.

Either of the below will suffice:-

Which ever of the above you choose to install, automatically checks for updates and downloads/installs them with every system reboot and or periodically if the machine is left running providing a internet connection is active.

I advise you also run a complete scan with this at least once per week.

--------------

Installing a specific Anti-Spyware application would be prudent, myself I recommend:-

Malwarebyte's Anti-Malware

During the installation process you will be offered the Malwarebytes' Anti-Malware Trial. Your choice to enable or not...

After installing, I advise check for updates and run a scan at least once per week.

--------------

Emergency Recovery Utility NT. I advice you consider installing this, as a means to keep a complete backup of your registry and restore it when needed. Instructions can be read here.

Myself I would actually create a new back up once per week as this along with System Restore may prove to be invaluable if something unforeseen occurs!

--------------

A custom Host-File is a further layer of protection whilst browsing online.

Either of the below will suffice:-

Only use one of the above!

--------------

Consider installing WinPatrol. This application alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

Download it from here.

You can find information about how WinPatrol works here.

The below is advised to use:-

How to prevent your computer from becoming infected by CryptoLocker

--------------

Finally the download/install of FileHippo Update Checker is prudent...to ensure all third party software is up-to date. As many such as Adobe and Java related applications for example if out of date can be exploited by malware.
  • 0

#14
Dakeyras
Posted 28 January 2014 - 03:56 AM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP