My Laptop Is Possessed! Multi rogue security apps [Closed]


  • This topic is locked

#46
Machiavelli

  • GeekU Moderator
  • 3,700 posts
So well done! :)

 

Farbar Recovery Scan Tool (FRST)

  • Run FRST.
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.


#47
velarie2112

  • Topic Starter
  • Member
  • 106 posts
SCAN LOG

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-02-2014
Ran by Administrator (administrator) on JPRICELAP on 10-02-2014 12:20:57
Running from C:\Documents and Settings\Administrator\Desktop
Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
(SUPERAntiSpyware.com) C:\AdwCleaner\newsas\SASCORE.EXE
(Agere Systems) C:\WINDOWS\system32\agrsmsvc.exe
(Symantec Corporation) C:\Program Files\Symantec AntiVirus\DefWatch.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(symantec) C:\Program Files\Symantec AntiVirus\SavRoam.exe
(Hewlett-Packard) C:\WINDOWS\system32\hphmon06.exe
(HP) C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe
() C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
() C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
() C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Symantec Corporation) C:\Program Files\Symantec AntiVirus\Rtvscan.exe
(Symantec Corporation) C:\Program Files\SYMANT~1\VPTray .exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp .exe
() C:\Program Files\RealVNC\VNC4\WinVNC4.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
(Hewlett-Packard Co.) C:\Program Files\Hp\HP Software Update\HPWuSchd2 .exe
(Microsoft Corporation) C:\WINDOWS\system32\mqtgsvc.exe
() C:\Program Files\InterVideo\DVD Check\DVDCheck .exe
(Hewlett-Packard Corporation) C:\WINDOWS\system32\AccelerometerSt.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\digital imaging\bin\hpqtra08.exe
(Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
(Farbar) C:\Documents and Settings\Administrator\Desktop\tea.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Scheduler] - C:\WINDOWS\SMINST\Scheduler.exe [94736 2014-01-30] ()
HKLM\...\Run: [Reminder] - C:\WINDOWS\Creator\Remind_XP.exe [94736 2014-01-30] ()
HKLM\...\Run: [Recguard] - C:\WINDOWS\Sminst\Recguard.exe [94736 2014-01-30] ()
HKLM\...\Run: [MsmqIntCert] - regsvr32 /s mqrt.dll
HKLM\...\Run: [hpWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [94736 2014-01-30] ()
HKLM\...\Run: [Cpqset] - C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [94736 2014-01-30] ()
HKLM\...\Run: [CognizanceTS] - C:\Program Files\HEWLET~1\IAM\Bin\ASTSVCC.dll [17920 2003-12-22] (Cognizance Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [94736 2014-01-30] ()
HKLM\...\Run: [HPHmon06] - C:\WINDOWS\system32\hphmon06.exe [622592 2004-12-16] (Hewlett-Packard)
HKLM\...\Run: [HPDJ Taskbar Utility] - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe [172032 2004-11-24] (HP)
HKLM\...\Run: [yxxa.exe] - "C:\DOCUME~1\jprice\LOCALS~1\Temp\yxxa.exe" <===== ATTENTION
HKLM\...\Run: [yxxa .exe] - "C:\DOCUME~1\jprice\LOCALS~1\Temp\yxxa .exe" <===== ATTENTION
HKLM\...\Run: [yxxa .exe] - "C:\DOCUME~1\jprice\LOCALS~1\Temp\yxxa .exe" <===== ATTENTION
HKLM\...\Run: [yxxa .exe] - "C:\DOCUME~1\jprice\LOCALS~1\Temp\yxxa .exe" <===== ATTENTION
HKLM\...\Run: [yxxa .exe] - "C:\DOCUME~1\jprice\LOCALS~1\Temp\yxxa .exe" <===== ATTENTION
HKLM\...\Run: [yxxa .exe] - "C:\DOCUME~1\jprice\LOCALS~1\Temp\yxxa .exe" <===== ATTENTION
HKLM\...\Run: [WatchDog] - C:\Program Files\InterVideo\DVD Check\DVDCheck .exe [94732 2014-02-10] ()
HKLM\...\Run: [vptray] - C:\Program Files\SYMANT~1\VPTray.exe [94724 2010-09-26] ()
HKLM\...\Run: [uPc+MV0NKNaXms] - rundll32.exe C:\WINDOWS\system32\c84h1m.dll, SystemServer
HKLM\...\Run: [Tyizoqibuz] - C:\WINDOWS\owugihaji.dll [205312 2008-04-14] ()
HKLM\...\Run: [SynTPStart] - C:\Program Files\Synaptics\SynTP\SynTPStart.exe
HKLM\...\Run: [SunJavaUpdateSched] - "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
HKLM\...\Run: [SSBkgdUpdate] - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [94724 2010-09-26] ()
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [94736 2014-01-30] ()
HKLM\...\Run: [SoundMAX] - C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [729088 2006-07-13] (Analog Devices, Inc.)
HKLM\...\Run: [QlbCtrl] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [163840 2007-05-02] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [PTHOSTTR] - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [145184 2007-01-09] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [PDF Complete] - "C:\Program Files\PDF Complete\pdfsty.exe"
HKLM\...\Run: [MKfsZK] - C:\WINDOWS\winlogon .exe
HKLM\...\Run: [MKfsZj] - C:\WINDOWS\winlogon .exe
HKLM\...\Run: [MKfsZgK] - C:\WINDOWS\winlogon .exe
HKLM\...\Run: [MKfsZgj] - C:\WINDOWS\winlogon .exe
HKLM\...\Run: [MKfsZgc] - C:\WINDOWS\winlogon .exe
HKLM\...\Run: [MKfsZg0] - C:\WINDOWS\winlogon .exe
HKLM\...\Run: [MKfsZc] - C:\WINDOWS\winlogon .exe
HKLM\...\Run: [MKfsZ0] - C:\WINDOWS\winlogon .exe
HKLM\...\Run: [MKfJ] - C:\WINDOWS\win .exe
HKLM\...\Run: [MKfFc] - C:\WINDOWS\win .exe
HKLM\...\Run: [MKeuN] - C:\WINDOWS\spoolsv .exe
HKLM\...\Run: [MKeuKK] - C:\WINDOWS\spoolsv .exe
HKLM\...\Run: [MKeuKj] - C:\WINDOWS\spoolsv .exe
HKLM\...\Run: [MKeuKgK] - C:\WINDOWS\spoolsv .exe
HKLM\...\Run: [MKeuKgj] - C:\WINDOWS\spoolsv .exe
HKLM\...\Run: [MKeuKggc] - C:\WINDOWS\spoolsv .exe
HKLM\...\Run: [MKeuKgc] - C:\WINDOWS\spoolsv .exe
HKLM\...\Run: [MKeuKg0] - C:\WINDOWS\spoolsv .exe
HKLM\...\Run: [MKeuKc] - C:\WINDOWS\spoolsv .exe
HKLM\...\Run: [MKeuK0] - C:\WINDOWS\spoolsv .exe
HKLM\...\Run: [MKetWK] - C:\WINDOWS\services .exe
HKLM\...\Run: [MKetWj] - C:\WINDOWS\services .exe
HKLM\...\Run: [MKetWgK] - C:\WINDOWS\services .exe
HKLM\...\Run: [MKetWgj] - C:\WINDOWS\services .exe
HKLM\...\Run: [MKetWggK] - C:\WINDOWS\services .exe
HKLM\...\Run: [MKetWggc] - C:\WINDOWS\services .exe
HKLM\...\Run: [MKetWgg0] - C:\WINDOWS\services .exe
HKLM\...\Run: [MKetWgc] - C:\WINDOWS\services .exe
HKLM\...\Run: [MKetWg0] - C:\WINDOWS\services .exe
HKLM\...\Run: [MKetWc] - C:\WINDOWS\services .exe
HKLM\...\Run: [MKetW0] - C:\WINDOWS\services .exe
HKLM\...\Run: [MKdws] - C:\WINDOWS\nvsvc32 .exe
HKLM\...\Run: [MKdwpc] - C:\WINDOWS\nvsvc32 .exe
HKLM\...\Run: [MKcuK] - C:\WINDOWS\lsass .exe
HKLM\...\Run: [MKcuj] - C:\WINDOWS\lsass .exe [94732 2010-09-26] ()
HKLM\...\Run: [MKcugK] - C:\WINDOWS\lsass .exe [94728 2010-09-26] ()
HKLM\...\Run: [MKcugj] - C:\WINDOWS\lsass .exe [94728 2010-09-26] ()
HKLM\...\Run: [MKcuggK] - C:\WINDOWS\lsass .exe [94728 2010-09-26] ()
HKLM\...\Run: [MKcuggc] - C:\WINDOWS\lsass .exe [94732 2010-09-26] ()
HKLM\...\Run: [MKcugc] - C:\WINDOWS\lsass .exe [94728 2010-09-26] ()
HKLM\...\Run: [MKcug0] - C:\WINDOWS\lsass .exe [94732 2010-09-26] ()
HKLM\...\Run: [MKcu0] - C:\WINDOWS\lsass .exe [94732 2010-09-26] ()
HKLM\...\Run: [MKayK] - C:\WINDOWS\csrss .exe
HKLM\...\Run: [MKayj] - C:\WINDOWS\csrss .exe
HKLM\...\Run: [MKaygK] - C:\WINDOWS\csrss .exe
HKLM\...\Run: [MKaygj] - C:\WINDOWS\csrss .exe
HKLM\...\Run: [MKayggK] - C:\WINDOWS\csrss .exe
HKLM\...\Run: [MKayggj] - C:\WINDOWS\csrss .exe
HKLM\...\Run: [MKaygggK] - C:\WINDOWS\csrss .exe
HKLM\...\Run: [MKaygggc] - C:\WINDOWS\csrss .exe
HKLM\...\Run: [MKayggc] - C:\WINDOWS\csrss .exe
HKLM\...\Run: [MKaygg0] - C:\WINDOWS\csrss .exe
HKLM\...\Run: [MKaygc] - C:\WINDOWS\csrss .exe
HKLM\...\Run: [MKayg0] - C:\WINDOWS\csrss .exe
HKLM\...\Run: [MKay0] - C:\WINDOWS\csrss .exe
HKLM\...\Run: [HPHUPD06] - C:\Program Files\Hewlett-Packard\{BA2D9411-DBB4-43e4-9421-780413650A67}\hphupd06.exe
HKLM\...\Run: [HP Software Update] - c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [94736 2014-01-30] ()
HKLM\...\Run: [HNUtcHXlrxK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\spoolsv .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlrxj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\spoolsv .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlrxgK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\spoolsv .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlrxgj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\spoolsv .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlrxggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\spoolsv .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlrxggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\spoolsv .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlrxgggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\spoolsv .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlrxggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\spoolsv .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlrxgg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\spoolsv .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlrxgc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\spoolsv .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlrxg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\spoolsv .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlrxc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\spoolsv.exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlrx0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\spoolsv .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlrJ] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlrf] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss.exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr4] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0K] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0j] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0gK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0ggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0ggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0gggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0gggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0ggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0ggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0gggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0gggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0ggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0ggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0gggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0gggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0ggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0ggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0gggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0gggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0ggggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0ggggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0gggggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0gggggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0ggggggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0ggggggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0gggggggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0gggggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0ggggggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0ggggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0gggggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0gggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0ggggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0ggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0gggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0gggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0ggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0ggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0gggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0gggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0ggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0ggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0gggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0gggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0ggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0ggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0gggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0gggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0ggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0ggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0gg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0gc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0g0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr0c] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlr00] - C:\DOCUME~1\jprice\LOCALS~1\Temp\smss .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggggggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggggggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggggggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggggggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggggggggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggggggggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggggggggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggggggggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggggggggggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggggggggggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggggggggggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggggggggggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggggggggggggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggggggggggggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggggggggggggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggggggggggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggggggggggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggggggggggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggggggggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggggggggggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggggggggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggggggggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggggggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggggggggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggggggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggggggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggggggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvgc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqvc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst.exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqv0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\wininst .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgggggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgggggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggggggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggggggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgggggggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgggggggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggggggggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggggggggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgggggggggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgggggggggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggggggggggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggggggggggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgggggggggggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgggggggggggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggggggggggggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggggggggggggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgggggggggggggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgggggggggggggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggggggggggggggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggggggggggggggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgggggggggggggggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgggggggggggggggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggggggggggggggggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggggggggggggggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgggggggggggggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggggggggggggggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggggggggggggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgggggggggggggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgggggggggggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggggggggggggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggggggggggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgggggggggggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgggggggggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggggggggggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggggggggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgggggggggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgggggggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggggggggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggggggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgggggggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgggggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggggggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgggggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqgc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlqc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win.exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlq0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\win .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdQ] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5.exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdo] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdlK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdlj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdlgK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdlgj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdlggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdlggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdlgggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdlgggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdlggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdlggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdlgggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdlgggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdlggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdlggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdlgggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdlgggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdlggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdlggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdlgggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdlgggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdlggggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdlggggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdlgggggggggggK] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdlgggggggggggj] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdlggggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdlgggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdlggggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdlggggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdlgggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdlgggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdlggggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdlggggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdlgggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdlgggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdlggggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdlggggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdlgggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdlgggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdlggggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdlggggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdlgggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdlgggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdlggg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdlggc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdlgg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdlgc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdlg0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdlc] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfdl0] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [HNUtcHXlfd6] - C:\DOCUME~1\jprice\LOCALS~1\Temp\q8xpb6n5 .exe <===== ATTENTION
HKLM\...\Run: [ccApp] - "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [94724 2010-09-26] ()
HKLM\...\Run: [AccelerometerSysTrayApplet] - C:\WINDOWS\system32\AccelerometerSt.exe [124928 2007-01-24] (Hewlett-Packard Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\NavLogon: C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
Winlogon\Notify\OneCard: C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation)
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 1
HKU\.DEFAULT\...\Run: [DWQueuedReporting] - C:\Program Files\COMMON~1\Microsoft Shared\DW\dwtrig20.exe [94724 2010-09-26] ()
HKU\.DEFAULT\...\Run: [SE11] - C:\Program Files\SecEss\SE11.exe
HKU\.DEFAULT\...\RunOnce: [TSClientMSIUninstaller] - cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
HKU\.DEFAULT\...\RunOnce: [TSClientAXDisabler] - cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"
HKU\.DEFAULT\...\Policies\Explorer: [NoFolderOptions] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoSetActiveDesktop] 1
HKU\S-1-5-21-2700236382-4009610293-4285289237-500\...\Run: [SUPERAntiSpyware] - C:\AdwCleaner\newsas\SUPERAntiSpyware.exe [5625624 2014-01-06] ()
HKU\S-1-5-21-2700236382-4009610293-4285289237-500\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [94728 2010-09-26] ()
HKU\S-1-5-21-2700236382-4009610293-4285289237-500\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [484904 2007-04-19] (Hewlett-Packard Company)
HKU\S-1-5-21-2700236382-4009610293-4285289237-500\...\Policies\Explorer: [NoFolderOptions] 1
HKU\S-1-5-21-2700236382-4009610293-4285289237-500\...\Policies\Explorer: [NoSetActiveDesktop] 1
HKU\S-1-5-21-2700236382-4009610293-4285289237-500\...\MountPoints2: E - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
HKU\S-1-5-21-2700236382-4009610293-4285289237-500\...\MountPoints2: {0b31a1c8-a251-11dc-a4a2-806d6172696f} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
Lsa: [Notification Packages] scecli ASWLNPkg
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\CCC.lnk
ShortcutTarget: CCC.lnk -> C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
Startup: C:\Documents and Settings\Administrator.IDI\Start Menu\Programs\Startup\CCC.lnk
ShortcutTarget: CCC.lnk -> C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk
ShortcutTarget: DVD Check.lnk -> C:\Program Files\InterVideo\DVD Check\DVDCheck.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
ShortcutTarget: HotSync Manager.lnk -> C:\Program Files\palmOne\Hotsync.exe (No File)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\Hewlett-Packard\digital imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
ShortcutTarget: HP Image Zone Fast Start.lnk -> C:\Program Files\Hewlett-Packard\digital imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (No File)
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\CCC.lnk
ShortcutTarget: CCC.lnk -> C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
Startup: C:\Documents and Settings\jprice\Start Menu\Programs\Startup\CCC.lnk
ShortcutTarget: CCC.lnk -> C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
Startup: C:\Documents and Settings\jprice\Start Menu\Programs\Startup\palmOne Registration.lnk
ShortcutTarget: palmOne Registration.lnk -> C:\Program Files\palmOne\register.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...d=smb&pf=laptop
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...d=smb&pf=laptop
SearchScopes: HKLM - DefaultScope value is missing.
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-27-0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll No File [ ]
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\AdwCleaner\newsas\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\AdwCleaner\newsas\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
R2 ASBroker; C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [74240 2007-02-06] (Cognizance Corporation)
R2 ASChannel; C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll [131584 2006-06-21] (Cognizance Corporation)
R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [185968 2005-10-04] (Symantec Corporation)
S3 ccPwdSvc; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [83568 2005-10-04] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [177776 2005-10-04] (Symantec Corporation)
R2 DefWatch; C:\Program Files\Symantec AntiVirus\DefWatch.exe [20208 2005-11-15] (Symantec Corporation)
S3 HP Port Resolver; C:\WINDOWS\system32\hpbpro.exe [77824 2004-06-02] (Hewlett-Packard Company)
S3 HP Status Server; C:\WINDOWS\system32\hpboid.exe [73728 2004-06-02] (Hewlett-Packard Company)
R2 msftesql$PROPHETSQL; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [92952 2006-08-28] (Microsoft Corporation)
S3 MSIServer; C:\WINDOWS\System32\msiexec.exe [78848 2008-04-14] ()
R2 MSMQ; C:\WINDOWS\system32\mqsvc.exe [4608 2008-04-14] (Microsoft Corporation)
R2 MSMQTriggers; C:\WINDOWS\system32\mqtgsvc.exe [117248 2008-04-14] (Microsoft Corporation)
R2 MSSQL$PROPHETSQL; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29181272 2008-12-18] (Microsoft Corporation)
S2 PCA; C:\WINDOWS\SMINST\PCAngel.exe [294912 2006-01-12] (SoftThinks)
R2 SavRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [169200 2005-11-15] (symantec)
S3 SNDSrvc; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [214672 2005-10-19] (Symantec Corporation)
S3 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2008-01-17] (SolidWorks)
S3 SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [992864 2005-03-30] (Symantec Corporation)
R2 Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [1756912 2005-11-15] (Symantec Corporation)
S4 MSSQLServerADHelper; "C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe" [X]
R2 SQLBrowser; "C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [X]
R2 SQLWriter; "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [X]
R2 WinVNC4; "C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service [X]

==================== Drivers (Whitelisted) ====================

R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2006-07-01] (Advanced Micro Devices)
S3 ATSWPDRV; C:\WINDOWS\System32\DRIVERS\ATSwpDrv.sys [140808 2007-04-10] (AuthenTec, Inc.)
S3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [604928 2006-11-01] (Broadcom Corporation)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [868298 2007-02-14] (Broadcom Corporation.)
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [67960 2007-02-14] (Broadcom Corporation.)
R1 eabfiltr; C:\WINDOWS\System32\DRIVERS\eabfiltr.sys [8192 2006-11-30] (Hewlett-Packard Development Company, L.P.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [371248 2010-05-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [102448 2010-05-27] (Symantec Corporation)
S3 gfiark; C:\WINDOWS\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\WINDOWS\System32\drivers\gfiutil.sys [24040 2013-09-04] (ThreatTrack Security)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2005-10-21] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-10-21] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2005-10-21] (HP)
R3 IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [36608 2006-09-19] (Infineon Technologies AG)
R3 MQAC; C:\WINDOWS\system32\drivers\mqac.sys [92544 2008-04-14] (Microsoft Corporation)
R3 NAVENG; C:\Program Files\COMMON~1\Symantec Shared\VirusDefs\20100924.004\naveng.sys [85424 2010-07-15] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\COMMON~1\Symantec Shared\VirusDefs\20100924.004\navex15.sys [1362608 2010-07-15] (Symantec Corporation)
S3 PalmUSBD; C:\WINDOWS\System32\drivers\PalmUSBD.sys [16694 2004-06-09] (PalmSource, Inc.)
S3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R1 SASDIFSV; C:\AdwCleaner\newsas\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\AdwCleaner\newsas\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SAVRT; C:\Program Files\Symantec AntiVirus\savrt.sys [334984 2005-08-26] (Symantec Corporation)
R1 SAVRTPEL; C:\Program Files\Symantec AntiVirus\Savrtpel.sys [53896 2005-08-26] (Symantec Corporation)
S3 slabbus; C:\WINDOWS\System32\DRIVERS\slabbus.sys [66672 2007-03-01] (MCCI)
S3 slabser; C:\WINDOWS\System32\DRIVERS\slabser.sys [100400 2007-03-01] (MCCI)
S3 SMCIRDA; C:\WINDOWS\System32\DRIVERS\smcirda.sys [35913 2001-08-17] (SMC)
S3 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [372832 2005-03-30] (Symantec Corporation)
R3 SymEvent; C:\Program Files\Symantec\SYMEVENT.SYS [108168 2005-09-16] (Symantec Corporation)
S3 SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [24720 2005-10-19] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [195728 2005-10-19] (Symantec Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S3 VPROEVENTMONITOR; \??\C:\WINDOWS\system32\drivers\VProEventMonitor.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-10 12:20 - 2014-02-10 12:21 - 00059604 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-02-10 12:20 - 2014-02-10 11:58 - 01139200 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\tea.exe
2014-02-10 11:45 - 2014-02-10 11:45 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\HP
2014-02-10 11:42 - 2014-02-10 11:42 - 00000136 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
2014-02-06 15:37 - 2014-02-06 15:40 - 00000000 ___SD () C:\Machiavelli
2014-02-06 14:50 - 2011-06-26 00:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-02-06 14:50 - 2010-11-07 11:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-02-06 14:50 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-02-06 14:50 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-02-06 14:50 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-02-06 14:50 - 2000-08-30 18:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-02-06 14:50 - 2000-08-30 18:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-02-06 14:50 - 2000-08-30 18:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-02-06 14:50 - 2000-08-30 18:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-02-06 14:44 - 2014-02-06 14:49 - 00000000 ____D () C:\Qoobox
2014-02-06 14:44 - 2014-02-06 14:44 - 00000000 ____D () C:\WINDOWS\erdnt
2014-02-06 14:43 - 2014-02-06 14:27 - 05180173 ____R (Swearware) C:\Documents and Settings\Administrator\Desktop\Machiavelli.exe
2014-02-06 14:42 - 2014-02-06 14:28 - 01136640 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\apples.exe
2014-02-06 11:09 - 2014-02-06 10:56 - 00602112 _____ () C:\Documents and Settings\Administrator\Desktop\oldmantimer.exe
2014-02-06 10:42 - 2014-02-06 10:13 - 01139200 _____ () C:\Documents and Settings\Administrator\Desktop\farapple.exe
2014-02-06 10:24 - 2014-02-06 10:13 - 01139200 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\TSRF.exe
2014-02-06 10:22 - 2014-02-06 10:22 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\tripping
2014-02-05 13:02 - 2014-02-10 12:20 - 00000000 ____D () C:\FRST
2014-02-05 13:01 - 2014-02-05 12:21 - 01139200 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.exe
2014-02-04 15:02 - 2014-02-03 22:50 - 00602112 _____ () C:\Documents and Settings\Administrator\Desktop\LOT.exe
2014-02-04 14:49 - 2014-02-04 14:50 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\gummy
2014-02-04 00:39 - 2014-02-04 00:39 - 00000000 ____D () C:\pukingsoft
2014-02-04 00:34 - 2014-02-04 00:34 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2014-02-04 00:33 - 2014-02-04 00:33 - 00001543 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-02-04 00:33 - 2014-02-04 00:33 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-02-04 00:33 - 2014-02-04 00:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2014-02-04 00:27 - 2014-02-03 23:24 - 17946224 _____ (SUPERAntiSpyware) C:\Documents and Settings\Administrator\Desktop\SAS_634F563.EXE
2014-02-04 00:14 - 2014-02-04 00:14 - 00000000 _____ () C:\WINDOWS\system32\SBRC.dat
2014-02-04 00:13 - 2013-09-04 13:57 - 00024040 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiutil.sys
2014-02-04 00:13 - 2013-05-23 07:39 - 00043368 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiark.sys
2014-02-04 00:11 - 2014-02-04 00:13 - 00000000 ____D () C:\VIPRERESCUE
2014-02-04 00:10 - 2014-02-03 23:32 - 149581824 _____ () C:\Documents and Settings\Administrator\Desktop\VIPRERescue26090.exe
2014-02-03 23:54 - 2014-02-03 23:30 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.75.0.1300.exe
2014-02-03 23:50 - 2014-02-03 23:50 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\rkill
2014-02-03 23:49 - 2014-02-03 23:19 - 01933048 _____ () C:\Documents and Settings\Administrator\Desktop\rkill.exe
2014-02-03 23:21 - 2014-02-03 23:09 - 00602112 _____ () C:\Documents and Settings\Administrator\Desktop\OTL.scr
2014-02-03 23:21 - 2014-02-03 23:09 - 00602112 _____ () C:\Documents and Settings\Administrator\Desktop\OTL.com
2014-02-03 23:08 - 2014-02-03 22:50 - 00602112 _____ () C:\Documents and Settings\Administrator\Desktop\OTL.exe
2014-02-03 20:44 - 2014-02-03 23:55 - 00000989 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-03 20:44 - 2014-02-03 23:55 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-02-03 20:43 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-02-03 19:23 - 2014-02-03 19:23 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2014-02-03 19:22 - 2014-02-03 19:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-02-03 19:19 - 2014-02-03 19:19 - 00000000 ____D () C:\Tech Support
2014-02-03 19:17 - 2014-02-03 16:42 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Administrator\Desktop\9e5tusxsw1.exe
2014-02-03 18:39 - 2014-02-03 18:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Zeon
2014-02-03 18:13 - 2010-11-29 08:54 - 00446464 _____ (OldTimer Tools) C:\Documents and Settings\Administrator\Desktop\TFC.exe
2014-02-03 18:13 - 2010-06-28 14:37 - 00963827 _____ () C:\Documents and Settings\Administrator\Desktop\Eusing Free Registry Cleaner.exe
2014-02-03 16:57 - 2014-02-04 00:32 - 00000000 ____D () C:\AdwCleaner
2014-02-03 16:57 - 2014-02-03 16:41 - 01037068 _____ (Thisisu) C:\Documents and Settings\Administrator\Desktop\JRT.exe
2014-02-03 16:57 - 2014-02-03 16:40 - 01166132 _____ () C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
2014-02-03 16:55 - 2014-02-03 18:59 - 00005127 _____ () C:\WINDOWS\setupapi.log
2014-01-30 14:44 - 2010-09-26 17:45 - 00094748 ____H () C:\Documents and Settings\Administrator\Q2aRNUk5.com
2014-01-30 12:38 - 2010-09-26 17:45 - 00094748 ____H () C:\Documents and Settings\Administrator\Local Settings\Application Data\Q2aRNUk5.exe
2014-01-30 12:21 - 2014-01-30 12:21 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\{84ED3979-6E30-4DF7-89EB-0C7FF0627D09}
2014-01-30 12:20 - 2014-01-30 12:20 - 00000811 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
2014-01-30 11:56 - 2014-01-30 11:56 - 00000097 _____ () C:\Documents and Settings\Administrator\LuResult.txt
2014-01-30 11:12 - 2014-01-30 11:12 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache

==================== One Month Modified Files and Folders =======

2014-02-10 12:21 - 2014-02-10 12:20 - 00059604 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-02-10 12:20 - 2014-02-05 13:02 - 00000000 ____D () C:\FRST
2014-02-10 12:14 - 2010-09-26 21:28 - 00660026 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-10 12:13 - 2004-08-07 07:14 - 00678654 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-10 12:08 - 2010-09-26 21:35 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-02-10 12:07 - 2010-09-26 21:38 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-02-10 12:07 - 2010-09-26 21:38 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-02-10 12:07 - 2007-10-04 11:06 - 00000000 ____D () C:\WINDOWS\SMINST
2014-02-10 12:06 - 2009-04-18 11:09 - 00000260 _____ () C:\WINDOWS\Tasks\WGASetup.job
2014-02-10 12:05 - 2004-08-07 07:19 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-10 11:58 - 2014-02-10 12:20 - 01139200 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\tea.exe
2014-02-10 11:56 - 2010-09-26 21:36 - 00032652 _____ () C:\WINDOWS\SchedLgU.Txt
2014-02-10 11:47 - 2010-09-26 13:47 - 00000416 _____ () C:\WINDOWS\Tasks\Updater.job
2014-02-10 11:45 - 2014-02-10 11:45 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\HP
2014-02-10 11:44 - 2007-12-03 22:08 - 00135864 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-02-10 11:42 - 2014-02-10 11:42 - 00000136 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
2014-02-10 11:36 - 2004-08-07 07:19 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-02-10 11:36 - 2004-08-07 07:03 - 00000603 _____ () C:\WINDOWS\win.ini
2014-02-10 11:36 - 2004-08-07 06:57 - 00000223 ___SH () C:\boot.ini
2014-02-10 11:36 - 2004-08-06 23:53 - 00000227 _____ () C:\WINDOWS\system.ini
2014-02-06 15:40 - 2014-02-06 15:37 - 00000000 ___SD () C:\Machiavelli
2014-02-06 15:37 - 2007-10-04 09:36 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-02-06 14:49 - 2014-02-06 14:44 - 00000000 ____D () C:\Qoobox
2014-02-06 14:44 - 2014-02-06 14:44 - 00000000 ____D () C:\WINDOWS\erdnt
2014-02-06 14:28 - 2014-02-06 14:42 - 01136640 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\apples.exe
2014-02-06 14:27 - 2014-02-06 14:43 - 05180173 ____R (Swearware) C:\Documents and Settings\Administrator\Desktop\Machiavelli.exe
2014-02-06 10:56 - 2014-02-06 11:09 - 00602112 _____ () C:\Documents and Settings\Administrator\Desktop\oldmantimer.exe
2014-02-06 10:22 - 2014-02-06 10:22 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\tripping
2014-02-06 10:13 - 2014-02-06 10:42 - 01139200 _____ () C:\Documents and Settings\Administrator\Desktop\farapple.exe
2014-02-06 10:13 - 2014-02-06 10:24 - 01139200 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\TSRF.exe
2014-02-05 12:21 - 2014-02-05 13:01 - 01139200 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.exe
2014-02-05 10:37 - 2007-10-04 10:31 - 00524288 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
2014-02-04 14:50 - 2014-02-04 14:49 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\gummy
2014-02-04 14:39 - 2007-12-03 22:12 - 00000000 __SHD () C:\WINDOWS\CSC
2014-02-04 00:39 - 2014-02-04 00:39 - 00000000 ____D () C:\pukingsoft
2014-02-04 00:34 - 2014-02-04 00:34 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2014-02-04 00:33 - 2014-02-04 00:33 - 00001543 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-02-04 00:33 - 2014-02-04 00:33 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-02-04 00:33 - 2014-02-04 00:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2014-02-04 00:32 - 2014-02-03 16:57 - 00000000 ____D () C:\AdwCleaner
2014-02-04 00:14 - 2014-02-04 00:14 - 00000000 _____ () C:\WINDOWS\system32\SBRC.dat
2014-02-04 00:13 - 2014-02-04 00:11 - 00000000 ____D () C:\VIPRERESCUE
2014-02-03 23:55 - 2014-02-03 20:44 - 00000989 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-03 23:55 - 2014-02-03 20:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-02-03 23:50 - 2014-02-03 23:50 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\rkill
2014-02-03 23:32 - 2014-02-04 00:10 - 149581824 _____ () C:\Documents and Settings\Administrator\Desktop\VIPRERescue26090.exe
2014-02-03 23:30 - 2014-02-03 23:54 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.75.0.1300.exe
2014-02-03 23:24 - 2014-02-04 00:27 - 17946224 _____ (SUPERAntiSpyware) C:\Documents and Settings\Administrator\Desktop\SAS_634F563.EXE
2014-02-03 23:19 - 2014-02-03 23:49 - 01933048 _____ () C:\Documents and Settings\Administrator\Desktop\rkill.exe
2014-02-03 23:09 - 2014-02-03 23:21 - 00602112 _____ () C:\Documents and Settings\Administrator\Desktop\OTL.scr
2014-02-03 23:09 - 2014-02-03 23:21 - 00602112 _____ () C:\Documents and Settings\Administrator\Desktop\OTL.com
2014-02-03 22:50 - 2014-02-04 15:02 - 00602112 _____ () C:\Documents and Settings\Administrator\Desktop\LOT.exe
2014-02-03 22:50 - 2014-02-03 23:08 - 00602112 _____ () C:\Documents and Settings\Administrator\Desktop\OTL.exe
2014-02-03 20:55 - 2007-12-03 21:48 - 00000000 ____D () C:\WINDOWS\pss
2014-02-03 19:23 - 2014-02-03 19:23 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2014-02-03 19:22 - 2014-02-03 19:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-02-03 19:19 - 2014-02-03 19:19 - 00000000 ____D () C:\Tech Support
2014-02-03 18:59 - 2014-02-03 16:55 - 00005127 _____ () C:\WINDOWS\setupapi.log
2014-02-03 18:39 - 2014-02-03 18:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Zeon
2014-02-03 16:42 - 2014-02-03 19:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Administrator\Desktop\9e5tusxsw1.exe
2014-02-03 16:41 - 2014-02-03 16:57 - 01037068 _____ (Thisisu) C:\Documents and Settings\Administrator\Desktop\JRT.exe
2014-02-03 16:40 - 2014-02-03 16:57 - 01166132 _____ () C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
2014-01-30 14:44 - 2007-10-04 09:36 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-01-30 12:27 - 2007-10-04 11:06 - 00000000 ____D () C:\WINDOWS\CREATOR
2014-01-30 12:21 - 2014-01-30 12:21 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\{84ED3979-6E30-4DF7-89EB-0C7FF0627D09}
2014-01-30 12:20 - 2014-01-30 12:20 - 00000811 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
2014-01-30 12:20 - 2007-10-04 09:36 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2014-01-30 12:19 - 2004-08-07 07:08 - 00000744 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
2014-01-30 11:56 - 2014-01-30 11:56 - 00000097 _____ () C:\Documents and Settings\Administrator\LuResult.txt
2014-01-30 11:55 - 2008-02-18 22:19 - 00000000 ____D () C:\Documents and Settings\jprice\Start Menu\Programs\Index Dat Spy
2014-01-30 11:12 - 2014-01-30 11:12 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache

Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\jprice\Local Settings\Temp\win .exe
C:\Documents and Settings\jprice\Local Settings\Temp\win .exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

#48
velarie2112

    Member

  • Topic Starter
  • 106 posts
ADDITIONS LOG

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-02-2014
Ran by Administrator at 2014-02-10 12:22:22
Running from C:\Documents and Settings\Administrator\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Symantec AntiVirus Corporate Edition (Disabled - Up to date) {FB06448E-52B8-493A-90F3-E43226D3305C}

==================== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 2 (SP2) (Version: - Microsoft)
2007 Microsoft Office Suite Service Pack 2 (SP2) (Version: - Microsoft) Hidden
2007 Microsoft Office system (Version: 12.0.6425.1000 - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 10 ActiveX (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Illustrator 8.0 (Version: 8.0 - Adobe Systems, Inc.)
Adobe Photoshop v4.0 (Version: - )
Adobe Reader 8.1.2 (Version: 8.1.2 - Adobe Systems Incorporated)
Agere Systems HDA Modem (Version: - Agere Systems)
Application Installer 4.00.B14 (Version: 4.00.B14 - Hewlett-Packard Company)
ATI Catalyst Control Center (Version: 1.007.2007.0202 - )
ATI Display Driver (Version: 8.342.2-070202a-044973C-HP - )
AutoCAD LT 2004 (Version: 16.0.0.086 - Autodesk)
Autodesk Express Viewer (Version: 3.1 - Autodesk, Inc.)
Broadcom 802.11 Wireless LAN Adapter (Version: 4.100.15.5 - Broadcom Corporation)
Broadcom NetXtreme Ethernet Controller (Version: 10.15.15 - Broadcom Corporation)
BufferChm (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Canon MF Drivers (Version: - )
Canon MP150 (Version: - )
Catalyst Control Center Core Implementation (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Czech (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Danish (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Dutch (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Finnish (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Greek (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Hungarian (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Norwegian (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Polish (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Russian (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Swedish (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Thai (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Turkish (Version: 2007.0202.1934.34870 - ATI) Hidden
CCC Help Chinese Standard (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Czech (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Danish (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Dutch (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help English (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Finnish (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help French (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help German (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Greek (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Hungarian (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Italian (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Japanese (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Korean (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Norwegian (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Polish (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Portuguese (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Russian (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Spanish (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Swedish (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Thai (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Turkish (Version: 2007.0202.1933.34870 - ATI) Hidden
ccc-Branding (Version: 1.00.0000 - ATI)
ccc-core-static (Version: 2007.0202.1934.34870 - ATI) Hidden
ccc-utility (Version: 2007.0202.1934.34870 - ATI) Hidden
CreativeProjects (Version: 45.4.157.000 - Hewlett-Packard) Hidden
CreativeProjectsTemplates (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Credential Manager for HP ProtectTools (Version: 2.5.0.880.13 - Hewlett-Packard )
Critical Update for Windows Media Player 11 (KB959772) (Version: - Microsoft Corporation)
CueTour (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Destinations (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Director (Version: 45.4.157.000 - Hewlett-Packard) Hidden
eDrawings 2008 (Version: 8.2.122 - SolidWorks)
GDR 3077 for SQL Server Database Services 2005 ENU (KB960089) (Version: 9.2.3077 - Microsoft Corporation)
Google Earth (Version: 4.2.205.5730 - Google)
HP 3D DriveGuard (Version: 1.00 A4 - )
HP Backup and Recovery Manager Installer (Version: 2.4 - Hewlett-Packard Company)
HP BIOS Configuration for ProtectTools (Version: 3.00 C1 - Hewlett-Packard)
HP Deskjet 3740 Series (Version: - )
HP Doc Viewer (Version: 1.01.0005 - Hewlett-Packard)
HP Help and Support (Version: 4.4.0002 - HPQ)
HP Image Zone 4.7 (Version: 4.7 - HP)
HP Integrated Module with Bluetooth wireless technology (Version: 5.1.0.3000 - HP)
HP Notebook Accessories Product Tour (Version: 13.0.0 - Hewlett-Packard)
HP Photosmart 8700 Series (Version: - )
HP Product Assistant (Version: 2.0.0.0 - Hewlett-Packard) Hidden
HP ProtectTools Security Manager (Version: 3.00 A10 - Hewlett-Packard)
HP Quick Launch Buttons 6.20 F2 (Version: 6.20 F2 - Hewlett-Packard)
HP Update (Version: 4.000.005.007 - Hewlett-Packard)
HP User Guide Bluetooth Addendum 0062 (Version: 1.01.0000 - Hewlett-Packard)
HP User Guides 0064 (Version: 1.03.0000 - Hewlett-Packard)
HP Wireless Assistant (Version: 3.00 F1 - Hewlett-Packard)
HpSdpAppCoreApp (Version: 3.00.0000 - Hewlett-Packard) Hidden
HPSystemDiagnostics (Version: 1.6.0.0 - Your Company Name) Hidden
InstantShare (Version: 45.4.157.000 - Hewlett-Packard) Hidden
InterVideo DVD Check (Version: - )
InterVideo Register Manager (Version: 1.0.4.0 - InterVideo Inc.) Hidden
InterVideo WinDVD (Version: - )
InterVideo WinDVD (Version: 5.0-B11.1164 - InterVideo Inc.)
KRW's Periodic Table Software (2002-02-25) (Version: - )
LightScribe 1.6.43.1 (Version: 1.6.43.1 - http://www.lightscribe.com) Hidden
LiveUpdate 2.6 (Symantec Corporation) (Version: 2.6.18.0 - Symantec Corporation)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (Version: - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version: - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version: - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Report Viewer Redistributable 2005 (Version: - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2005 (Version: 8.0.55129 - Microsoft Corporation) Hidden
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (Version: 4.0.50826.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 (PROPHETSQL) (Version: 9.2.3042.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 (Version: - Microsoft Corporation)
Microsoft SQL Server Native Client (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Version: - Microsoft Corporation)
Microsoft Visio Professional 2002 [English] (Version: 10.0.525 - Microsoft Corporation)
Microsoft Visual SourceSafe V5.0 (Version: - )
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB954459) (Version: 6.20.1099.0 - Microsoft Corporation)
palmOne (Version: 4.1.0420 - palmOne, Inc.)
PanoStandAlone (Version: 45.4.157.000 - Hewlett-Packard) Hidden
PhotoGallery (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Photosmart 320,370,7400,8100,8400,8700 Series (Version: 6.2 - HP)
PS8700 (Version: 1.01.0000 - Hewlett-Packard) Hidden
PSPrinters06 (Version: 1.01.0000 - HP) Hidden
QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
QwikQuote 6.0 Node (Version: - )
Roxio Creator Audio (Version: 3.3.0 - Roxio)
Roxio Creator Basic v9 (Version: 3.3.0 - Roxio)
Roxio Creator Copy (Version: 3.3.0 - Roxio)
Roxio Creator Data (Version: 3.3.0 - Roxio)
Roxio Creator Tools (Version: 3.3.0 - Roxio)
Roxio Express Labeler 3 (Version: 2.1.0 - Roxio)
Roxio MyDVD Basic v9 (Version: 9.0.116 - Roxio)
ScanSoft PDF Create! 4 (Version: 4.00.0000 - Nuance, Inc.)
SIM Recovery Pro v1.2.2 (Version: - )
SkinsHP1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
SMC InfiniLink 2007.1213 (Version: - SMC)
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
SoundMAX (Version: 5.10.01.5161 - Analog Devices)
SUPERAntiSpyware (Version: 5.7.1018 - SUPERAntiSpyware.com)
Symantec AntiVirus (Version: 10.0.2000.2 - Symantec Corporation)
Synaptics Pointing Device Driver (Version: 10.0.13.2 - Synaptics)
TrayApp (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Unload (Version: 4.5.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (Version: - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (Version: - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB957246) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (Version: - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (Version: - Microsoft)
Update for Outlook 2007 Junk Email Filter (kb2291599) (Version: - Microsoft)
Update for Windows Internet Explorer 8 (KB968220) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB969497) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB943729) (Version: - Microsoft Corporation)
Update for Windows XP (KB951072-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (Version: 1 - Microsoft Corporation)
Virtual Pool 3 Preview (Version: - )
VNC Enterprise Edition E4.3-K1 (Version: E4.3-K1 - RealVNC Ltd.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) (Version: 05/27/2006 1.3.2.0 - Advanced Micro Devices)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.8.0031.9 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (Version: - )
Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden
Windows Media Player 11 (Version: - )
Windows Media Player 11 (Version: - Microsoft Corporation) Hidden
Windows PowerShell™ 1.0 (Version: 2 - Microsoft Corporation)
Windows PowerShell™ 1.0 MUI pack (Version: 2 - Microsoft Corporation)
Windows Presentation Foundation (Version: 3.0.6920.0 - Microsoft Corporation) Hidden
Windows Search 4.0 (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (Version: 20080414.031525 - Microsoft Corporation)
XML Paper Specification Shared Components Pack 1.0 (Version: - Microsoft Corporation) Hidden

==================== Restore Points =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2004-08-04 02:00 - 2014-02-06 10:24 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Updater.job => C:\Documents and Settings\All Users\Application Data\Update\seupd.exe
Task: C:\WINDOWS\Tasks\WGASetup.job => C:\WINDOWS\system32\KB905474\wgasetup.exe

==================== Loaded Modules (whitelisted) =============

2004-08-04 02:00 - 2008-04-14 05:42 - 00205312 _____ () C:\WINDOWS\owugihaji.dll
2007-12-04 04:17 - 2014-01-30 12:27 - 00094736 _____ () C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
2007-12-04 04:12 - 2014-02-10 12:08 - 00094732 _____ () C:\Program Files\InterVideo\DVD Check\DVDCheck .exe
2007-02-16 18:40 - 2007-02-16 18:40 - 01466368 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2007-02-16 18:40 - 2007-02-16 18:40 - 05521408 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2007-02-06 15:20 - 2007-02-06 15:20 - 02842624 _____ () C:\WINDOWS\system32\btwicons.dll
2007-02-06 15:16 - 2007-02-06 15:16 - 00053248 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2010-07-11 02:46 - 2010-07-11 02:46 - 03391488 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_acd21e23\mscorlib.dll
2010-07-11 02:45 - 2010-07-11 02:45 - 03018752 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_743421a4\system.windows.forms.dll
2010-07-11 02:45 - 2010-07-11 02:45 - 01966080 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_9c1f7762\system.dll
2010-07-11 02:46 - 2010-07-11 02:46 - 00835584 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_bd844bfd\system.drawing.dll
2010-07-11 02:45 - 2010-07-11 02:45 - 02088960 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_facfb624\system.xml.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/10/2014 00:09:06 PM) (Source: Application Error) (User: )
Description: Faulting application scheduler .exe, version 1.0.6.7, faulting module oleaut32.dll, version 5.1.2600.5512, fault address 0x00004ee9.
Processing media-specific event for [scheduler .exe!ws!]

Error: (02/10/2014 00:06:00 PM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (02/10/2014 00:06:00 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (02/10/2014 11:46:26 AM) (Source: Application Error) (User: )
Description: Faulting application hpqtra08.exe, version 45.4.157.0, faulting module unknown, version 0.0.0.0, fault address 0x7ca28c16.
Processing media-specific event for [hpqtra08.exe!ws!]

Error: (02/10/2014 11:43:32 AM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module owugihaji.dll, version 0.0.0.0, fault address 0x000126d7.
Processing media-specific event for [explorer.exe!ws!]

Error: (02/10/2014 11:43:12 AM) (Source: Application Error) (User: )
Description: Faulting application scheduler .exe, version 1.0.6.7, faulting module oleaut32.dll, version 5.1.2600.5512, fault address 0x00004ee9.
Processing media-specific event for [scheduler .exe!ws!]

Error: (02/10/2014 11:39:06 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (02/10/2014 11:39:02 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (02/10/2014 11:34:06 AM) (Source: Application Error) (User: )
Description: Faulting application scheduler .exe, version 1.0.6.7, faulting module oleaut32.dll, version 5.1.2600.5512, fault address 0x00004ee9.
Processing media-specific event for [scheduler .exe!ws!]

Error: (02/10/2014 11:31:55 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.


System errors:
=============
Error: (02/10/2014 00:22:48 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The error:
"%%5"
Happened while starting this command:
C:\WINDOWS\system32\wbem\wmiprvse.exe -secured -Embedding

Error: (02/10/2014 00:22:27 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The error:
"%%5"
Happened while starting this command:
C:\WINDOWS\system32\wbem\wmiprvse.exe -secured -Embedding

Error: (02/10/2014 00:20:57 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The error:
"%%5"
Happened while starting this command:
C:\WINDOWS\system32\wbem\wmiprvse.exe -secured -Embedding

Error: (02/10/2014 00:12:44 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The error:
"%%5"
Happened while starting this command:
C:\WINDOWS\system32\wbem\wmiprvse.exe -secured -Embedding

Error: (02/10/2014 00:12:44 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The error:
"%%5"
Happened while starting this command:
C:\WINDOWS\system32\wbem\wmiprvse.exe -secured -Embedding

Error: (02/10/2014 00:12:44 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The error:
"%%5"
Happened while starting this command:
C:\WINDOWS\system32\wbem\wmiprvse.exe -secured -Embedding

Error: (02/10/2014 00:12:44 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The error:
"%%5"
Happened while starting this command:
C:\WINDOWS\system32\wbem\wmiprvse.exe -secured -Embedding

Error: (02/10/2014 00:12:44 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The error:
"%%5"
Happened while starting this command:
C:\WINDOWS\system32\wbem\wmiprvse.exe -secured -Embedding

Error: (02/10/2014 00:12:44 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The error:
"%%5"
Happened while starting this command:
C:\WINDOWS\system32\wbem\wmiprvse.exe -secured -Embedding

Error: (02/10/2014 00:12:38 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The error:
"%%5"
Happened while starting this command:
C:\WINDOWS\system32\wbem\wmiprvse.exe -secured -Embedding


Microsoft Office Sessions:
=========================
Error: (12/29/2009 03:26:59 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12574 seconds with 1500 seconds of active time. This session ended with a crash.

Error: (04/13/2009 02:44:13 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 792 seconds with 780 seconds of active time. This session ended with a crash.

Error: (04/13/2009 02:30:44 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 610 seconds with 480 seconds of active time. This session ended with a crash.

Error: (12/11/2008 03:11:42 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 11570 seconds with 1020 seconds of active time. This session ended with a crash.

Error: (04/30/2008 10:08:31 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4521 seconds with 600 seconds of active time. This session ended with a crash.

Error: (04/30/2008 02:16:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 954 seconds with 720 seconds of active time. This session ended with a crash.

Error: (04/30/2008 02:00:34 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 17125 seconds with 1020 seconds of active time. This session ended with a crash.

Error: (02/19/2008 08:00:38 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6023.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 2866 seconds with 1020 seconds of active time. This session ended with a crash.

Error: (02/11/2008 08:55:52 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6024.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 413 seconds with 0 seconds of active time. This session ended with a crash.

Error: (02/04/2008 11:06:36 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6024.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 6484 seconds with 1920 seconds of active time. This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 80%
Total physical RAM: 447.23 MB
Available physical RAM: 85.6 MB
Total Pagefile: 1053.5 MB
Available Pagefile: 586.65 MB
Total Virtual: 2047.88 MB
Available Virtual: 1944.27 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:64.78 GB) (Free:27.31 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: (HP_RECOVERY) (Fixed) (Total:9.74 GB) (Free:9.48 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive f: (USB DISK) (Removable) (Total:3.61 GB) (Free:3.61 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 75 GB) (Disk ID: 95AA95AA)
Partition 1: (Active) - (Size=65 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=4 GB) - (Type=0C)

==================== End Of Log ============================

#49
Machiavelli

    GeekU Moderator

  • 3,700 posts
  • Step 1: FRST Fix

Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

  • Step 2: TFC

Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

  • Step 3: FRST Scan

  • Run FRST.
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

  • Step 4: MBAM

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


#50
velarie2112

Ran FRST fix. TFC removed 146MB of files. On reboot File Checker ran itself prior to Windows starting. Ran FRST scan. Installed MBAM and ran quick scan. See all logs below.

FRST FIX LOG
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-02-2014
Ran by Administrator at 2014-02-10 16:39:15 Run:4
Running from C:\Documents and Settings\Administrator\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\yxxa.exe => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\yxxa .exe => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\yxxa .exe => Unable to delete value
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\yxxa .exe => Unable to delete value
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\yxxa .exe => Unable to delete value
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\yxxa .exe => Unable to delete value
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HNUtcHXlfdlgggggggggg0 => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HNUtcHXlfdlgggggggggc => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HNUtcHXlfdlggggggggg0 => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HNUtcHXlfdlggggggggc => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HNUtcHXlfdlgggggggg0 => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HNUtcHXlfdlgggggggc => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HNUtcHXlfdlggggggg0 => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HNUtcHXlfdlggggggc => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HNUtcHXlfdlgggggg0 => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HNUtcHXlfdlgggggc => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HNUtcHXlfdlggggg0 => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HNUtcHXlfdlggggc => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HNUtcHXlfdlgggg0 => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HNUtcHXlfdlgggc => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HNUtcHXlfdlggg0 => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HNUtcHXlfdlggc => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HNUtcHXlfdlgg0 => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HNUtcHXlfdlgc => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HNUtcHXlfdlg0 => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HNUtcHXlfdlc => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HNUtcHXlfdl0 => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HNUtcHXlfd6 => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Q2aRNUk5.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\{84ED3979-6E30-4DF7-89EB-0C7FF0627D09} => Moved successfully.
"C:\Documents and Settings\jprice\Local Settings\Temp\win .exe" => File/Directory not found.
"C:\WINDOWS\system32\c84h1m.dll" => File/Directory not found.
"C:\WINDOWS\owugihaji.dll [205312 2008-04-14] ()C:\WINDOWS\winlogon .exe" => File/Directory not found.
"C:\WINDOWS\win .exe" => File/Directory not found.
"C:\WINDOWS\spoolsv .exe" => File/Directory not found.
"C:\WINDOWS\services .exe" => File/Directory not found.
"C:\WINDOWS\nvsvc32 .exe" => File/Directory not found.
"C:\WINDOWS\lsass .exe" => File/Directory not found.
"C:\WINDOWS\csrss .exe" => File/Directory not found.

==== End of Fixlog ====

FRST SCAN LOG
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-02-2014
Ran by Administrator (administrator) on JPRICELAP on 10-02-2014 16:52:18
Running from C:\Documents and Settings\Administrator\Desktop
Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
(SUPERAntiSpyware.com) C:\AdwCleaner\newsas\SASCORE.EXE
(Agere Systems) C:\WINDOWS\system32\agrsmsvc.exe
(Symantec Corporation) C:\Program Files\Symantec AntiVirus\DefWatch.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Hewlett-Packard) C:\WINDOWS\system32\hphmon06.exe
(HP) C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe
(symantec) C:\Program Files\Symantec AntiVirus\SavRoam.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
() C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
() C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Hewlett-Packard Corporation) C:\WINDOWS\system32\AccelerometerSt.exe
() C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Hewlett-Packard Co.) C:\Program Files\Hp\HP Software Update\HPWuSchd2 .exe
(Symantec Corporation) C:\Program Files\SYMANT~1\VPTray .exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp .exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Symantec Corporation) C:\Program Files\Symantec AntiVirus\Rtvscan.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\digital imaging\bin\hpqtra08.exe
() C:\Program Files\RealVNC\VNC4\WinVNC4.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\mqtgsvc.exe
(Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
() C:\Program Files\InterVideo\DVD Check\DVDCheck .exe
(Farbar) C:\Documents and Settings\Administrator\Desktop\tea.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Scheduler] - C:\WINDOWS\SMINST\Scheduler.exe [94736 2014-01-30] ()
HKLM\...\Run: [Reminder] - C:\WINDOWS\Creator\Remind_XP.exe [94736 2014-01-30] ()
HKLM\...\Run: [Recguard] - C:\WINDOWS\Sminst\Recguard.exe [94736 2014-01-30] ()
HKLM\...\Run: [MsmqIntCert] - regsvr32 /s mqrt.dll
HKLM\...\Run: [hpWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [94736 2014-01-30] ()
HKLM\...\Run: [Cpqset] - C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [94736 2014-01-30] ()
HKLM\...\Run: [CognizanceTS] - C:\Program Files\HEWLET~1\IAM\Bin\ASTSVCC.dll [17920 2003-12-22] (Cognizance Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [94736 2014-01-30] ()
HKLM\...\Run: [HPHmon06] - C:\WINDOWS\system32\hphmon06.exe [622592 2004-12-16] (Hewlett-Packard)
HKLM\...\Run: [HPDJ Taskbar Utility] - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe [172032 2004-11-24] (HP)
HKLM\...\Run: [yxxa .exe] - "C:\DOCUME~1\jprice\LOCALS~1\Temp\yxxa .exe" <===== ATTENTION
HKLM\...\Run: [yxxa .exe] - "C:\DOCUME~1\jprice\LOCALS~1\Temp\yxxa .exe" <===== ATTENTION
HKLM\...\Run: [yxxa .exe] - "C:\DOCUME~1\jprice\LOCALS~1\Temp\yxxa .exe" <===== ATTENTION
HKLM\...\Run: [yxxa .exe] - "C:\DOCUME~1\jprice\LOCALS~1\Temp\yxxa .exe" <===== ATTENTION
HKLM\...\Run: [WatchDog] - C:\Program Files\InterVideo\DVD Check\DVDCheck .exe [94736 2014-02-10] ()
HKLM\...\Run: [vptray] - C:\Program Files\SYMANT~1\VPTray.exe [94724 2010-09-26] ()
HKLM\...\Run: [SynTPStart] - C:\Program Files\Synaptics\SynTP\SynTPStart.exe
HKLM\...\Run: [SunJavaUpdateSched] - "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
HKLM\...\Run: [SSBkgdUpdate] - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [94724 2010-09-26] ()
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [94736 2014-01-30] ()
HKLM\...\Run: [SoundMAX] - C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [729088 2006-07-13] (Analog Devices, Inc.)
HKLM\...\Run: [QlbCtrl] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [163840 2007-05-02] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [PTHOSTTR] - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [145184 2007-01-09] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [PDF Complete] - "C:\Program Files\PDF Complete\pdfsty.exe"
HKLM\...\Run: [HPHUPD06] - C:\Program Files\Hewlett-Packard\{BA2D9411-DBB4-43e4-9421-780413650A67}\hphupd06.exe
HKLM\...\Run: [HP Software Update] - c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [94736 2014-01-30] ()
HKLM\...\Run: [ccApp] - "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [94724 2010-09-26] ()
HKLM\...\Run: [AccelerometerSysTrayApplet] - C:\WINDOWS\system32\AccelerometerSt.exe [124928 2007-01-24] (Hewlett-Packard Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\NavLogon: C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
Winlogon\Notify\OneCard: C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation)
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 1
HKU\.DEFAULT\...\Run: [DWQueuedReporting] - C:\Program Files\COMMON~1\Microsoft Shared\DW\dwtrig20.exe [94724 2010-09-26] ()
HKU\.DEFAULT\...\Run: [SE11] - C:\Program Files\SecEss\SE11.exe
HKU\.DEFAULT\...\RunOnce: [TSClientMSIUninstaller] - cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
HKU\.DEFAULT\...\RunOnce: [TSClientAXDisabler] - cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"
HKU\.DEFAULT\...\Policies\Explorer: [NoFolderOptions] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoSetActiveDesktop] 1
HKU\S-1-5-21-2700236382-4009610293-4285289237-500\...\Run: [SUPERAntiSpyware] - C:\AdwCleaner\newsas\SUPERAntiSpyware.exe [5625624 2014-01-06] ()
HKU\S-1-5-21-2700236382-4009610293-4285289237-500\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [94728 2010-09-26] ()
HKU\S-1-5-21-2700236382-4009610293-4285289237-500\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [484904 2007-04-19] (Hewlett-Packard Company)
HKU\S-1-5-21-2700236382-4009610293-4285289237-500\...\Policies\Explorer: [NoFolderOptions] 1
HKU\S-1-5-21-2700236382-4009610293-4285289237-500\...\Policies\Explorer: [NoSetActiveDesktop] 1
HKU\S-1-5-21-2700236382-4009610293-4285289237-500\...\MountPoints2: E - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
Lsa: [Notification Packages] scecli ASWLNPkg
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\CCC.lnk
ShortcutTarget: CCC.lnk -> C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
Startup: C:\Documents and Settings\Administrator.IDI\Start Menu\Programs\Startup\CCC.lnk
ShortcutTarget: CCC.lnk -> C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk
ShortcutTarget: DVD Check.lnk -> C:\Program Files\InterVideo\DVD Check\DVDCheck.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
ShortcutTarget: HotSync Manager.lnk -> C:\Program Files\palmOne\Hotsync.exe (No File)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\Hewlett-Packard\digital imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
ShortcutTarget: HP Image Zone Fast Start.lnk -> C:\Program Files\Hewlett-Packard\digital imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (No File)
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\CCC.lnk
ShortcutTarget: CCC.lnk -> C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
Startup: C:\Documents and Settings\jprice\Start Menu\Programs\Startup\CCC.lnk
ShortcutTarget: CCC.lnk -> C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
Startup: C:\Documents and Settings\jprice\Start Menu\Programs\Startup\palmOne Registration.lnk
ShortcutTarget: palmOne Registration.lnk -> C:\Program Files\palmOne\register.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...d=smb&pf=laptop
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...d=smb&pf=laptop
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-27-0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll No File [ ]
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\AdwCleaner\newsas\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\AdwCleaner\newsas\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
R2 ASBroker; C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [74240 2007-02-06] (Cognizance Corporation)
R2 ASChannel; C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll [131584 2006-06-21] (Cognizance Corporation)
R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [185968 2005-10-04] (Symantec Corporation)
S3 ccPwdSvc; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [83568 2005-10-04] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [177776 2005-10-04] (Symantec Corporation)
R2 DefWatch; C:\Program Files\Symantec AntiVirus\DefWatch.exe [20208 2005-11-15] (Symantec Corporation)
S3 HP Port Resolver; C:\WINDOWS\system32\hpbpro.exe [77824 2004-06-02] (Hewlett-Packard Company)
S3 HP Status Server; C:\WINDOWS\system32\hpboid.exe [73728 2004-06-02] (Hewlett-Packard Company)
R2 msftesql$PROPHETSQL; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [92952 2006-08-28] (Microsoft Corporation)
S3 MSIServer; C:\WINDOWS\System32\msiexec.exe [78848 2008-04-14] ()
R2 MSMQ; C:\WINDOWS\system32\mqsvc.exe [4608 2008-04-14] (Microsoft Corporation)
R2 MSMQTriggers; C:\WINDOWS\system32\mqtgsvc.exe [117248 2008-04-14] (Microsoft Corporation)
R2 MSSQL$PROPHETSQL; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29181272 2008-12-18] (Microsoft Corporation)
S2 PCA; C:\WINDOWS\SMINST\PCAngel.exe [294912 2006-01-12] (SoftThinks)
R2 SavRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [169200 2005-11-15] (symantec)
S3 SNDSrvc; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [214672 2005-10-19] (Symantec Corporation)
S3 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2008-01-17] (SolidWorks)
S3 SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [992864 2005-03-30] (Symantec Corporation)
R2 Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [1756912 2005-11-15] (Symantec Corporation)
S4 MSSQLServerADHelper; "C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe" [X]
R2 SQLBrowser; "C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [X]
R2 SQLWriter; "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [X]
R2 WinVNC4; "C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service [X]

==================== Drivers (Whitelisted) ====================

R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2006-07-01] (Advanced Micro Devices)
S3 ATSWPDRV; C:\WINDOWS\System32\DRIVERS\ATSwpDrv.sys [140808 2007-04-10] (AuthenTec, Inc.)
S3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [604928 2006-11-01] (Broadcom Corporation)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [868298 2007-02-14] (Broadcom Corporation.)
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [67960 2007-02-14] (Broadcom Corporation.)
R1 eabfiltr; C:\WINDOWS\System32\DRIVERS\eabfiltr.sys [8192 2006-11-30] (Hewlett-Packard Development Company, L.P.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [371248 2010-05-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [102448 2010-05-27] (Symantec Corporation)
S3 gfiark; C:\WINDOWS\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\WINDOWS\System32\drivers\gfiutil.sys [24040 2013-09-04] (ThreatTrack Security)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2005-10-21] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-10-21] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2005-10-21] (HP)
R3 IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [36608 2006-09-19] (Infineon Technologies AG)
R3 MQAC; C:\WINDOWS\system32\drivers\mqac.sys [92544 2008-04-14] (Microsoft Corporation)
R3 NAVENG; C:\Program Files\COMMON~1\Symantec Shared\VirusDefs\20100924.004\naveng.sys [85424 2010-07-15] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\COMMON~1\Symantec Shared\VirusDefs\20100924.004\navex15.sys [1362608 2010-07-15] (Symantec Corporation)
S3 PalmUSBD; C:\WINDOWS\System32\drivers\PalmUSBD.sys [16694 2004-06-09] (PalmSource, Inc.)
S3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R1 SASDIFSV; C:\AdwCleaner\newsas\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\AdwCleaner\newsas\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SAVRT; C:\Program Files\Symantec AntiVirus\savrt.sys [334984 2005-08-26] (Symantec Corporation)
R1 SAVRTPEL; C:\Program Files\Symantec AntiVirus\Savrtpel.sys [53896 2005-08-26] (Symantec Corporation)
S3 slabbus; C:\WINDOWS\System32\DRIVERS\slabbus.sys [66672 2007-03-01] (MCCI)
S3 slabser; C:\WINDOWS\System32\DRIVERS\slabser.sys [100400 2007-03-01] (MCCI)
S3 SMCIRDA; C:\WINDOWS\System32\DRIVERS\smcirda.sys [35913 2001-08-17] (SMC)
S3 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [372832 2005-03-30] (Symantec Corporation)
R3 SymEvent; C:\Program Files\Symantec\SYMEVENT.SYS [108168 2005-09-16] (Symantec Corporation)
S3 SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [24720 2005-10-19] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [195728 2005-10-19] (Symantec Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S3 VPROEVENTMONITOR; \??\C:\WINDOWS\system32\drivers\VProEventMonitor.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-10 16:52 - 2014-02-10 16:52 - 00017784 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-02-10 12:20 - 2014-02-10 11:58 - 01139200 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\tea.exe
2014-02-10 11:45 - 2014-02-10 11:45 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\HP
2014-02-10 11:42 - 2014-02-10 11:42 - 00000136 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
2014-02-06 15:37 - 2014-02-06 15:40 - 00000000 ___SD () C:\Machiavelli
2014-02-06 14:50 - 2011-06-26 00:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-02-06 14:50 - 2010-11-07 11:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-02-06 14:50 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-02-06 14:50 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-02-06 14:50 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-02-06 14:50 - 2000-08-30 18:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-02-06 14:50 - 2000-08-30 18:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-02-06 14:50 - 2000-08-30 18:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-02-06 14:50 - 2000-08-30 18:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-02-06 14:44 - 2014-02-06 14:49 - 00000000 ____D () C:\Qoobox
2014-02-06 14:44 - 2014-02-06 14:44 - 00000000 ____D () C:\WINDOWS\erdnt
2014-02-06 14:43 - 2014-02-06 14:27 - 05180173 ____R (Swearware) C:\Documents and Settings\Administrator\Desktop\Machiavelli.exe
2014-02-06 14:42 - 2014-02-06 14:28 - 01136640 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\apples.exe
2014-02-06 11:09 - 2014-02-06 10:56 - 00602112 _____ () C:\Documents and Settings\Administrator\Desktop\oldmantimer.exe
2014-02-06 10:42 - 2014-02-06 10:13 - 01139200 _____ () C:\Documents and Settings\Administrator\Desktop\farapple.exe
2014-02-06 10:24 - 2014-02-06 10:13 - 01139200 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\TSRF.exe
2014-02-06 10:22 - 2014-02-06 10:22 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\tripping
2014-02-05 13:02 - 2014-02-10 16:52 - 00000000 ____D () C:\FRST
2014-02-05 13:01 - 2014-02-05 12:21 - 01139200 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.exe
2014-02-04 15:02 - 2014-02-03 22:50 - 00602112 _____ () C:\Documents and Settings\Administrator\Desktop\LOT.exe
2014-02-04 14:49 - 2014-02-04 14:50 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\gummy
2014-02-04 00:39 - 2014-02-04 00:39 - 00000000 ____D () C:\pukingsoft
2014-02-04 00:34 - 2014-02-04 00:34 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2014-02-04 00:33 - 2014-02-04 00:33 - 00001543 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-02-04 00:33 - 2014-02-04 00:33 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-02-04 00:33 - 2014-02-04 00:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2014-02-04 00:27 - 2014-02-03 23:24 - 17946224 _____ (SUPERAntiSpyware) C:\Documents and Settings\Administrator\Desktop\SAS_634F563.EXE
2014-02-04 00:14 - 2014-02-04 00:14 - 00000000 _____ () C:\WINDOWS\system32\SBRC.dat
2014-02-04 00:13 - 2013-09-04 13:57 - 00024040 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiutil.sys
2014-02-04 00:13 - 2013-05-23 07:39 - 00043368 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiark.sys
2014-02-04 00:11 - 2014-02-04 00:13 - 00000000 ____D () C:\VIPRERESCUE
2014-02-03 23:54 - 2014-02-10 15:57 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.75.0.1300.exe
2014-02-03 23:50 - 2014-02-03 23:50 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\rkill
2014-02-03 23:49 - 2014-02-03 23:19 - 01933048 _____ () C:\Documents and Settings\Administrator\Desktop\rkill.exe
2014-02-03 23:21 - 2014-02-03 23:09 - 00602112 _____ () C:\Documents and Settings\Administrator\Desktop\OTL.scr
2014-02-03 23:21 - 2014-02-03 23:09 - 00602112 _____ () C:\Documents and Settings\Administrator\Desktop\OTL.com
2014-02-03 23:08 - 2014-02-03 22:50 - 00602112 _____ () C:\Documents and Settings\Administrator\Desktop\OTL.exe
2014-02-03 20:44 - 2014-02-03 23:55 - 00000989 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-03 20:44 - 2014-02-03 23:55 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-02-03 20:43 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-02-03 19:23 - 2014-02-03 19:23 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2014-02-03 19:22 - 2014-02-03 19:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-02-03 19:19 - 2014-02-03 19:19 - 00000000 ____D () C:\Tech Support
2014-02-03 19:17 - 2014-02-03 16:42 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Administrator\Desktop\9e5tusxsw1.exe
2014-02-03 18:39 - 2014-02-03 18:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Zeon
2014-02-03 18:13 - 2014-02-10 15:55 - 00448512 _____ (OldTimer Tools) C:\Documents and Settings\Administrator\Desktop\TFC.exe
2014-02-03 18:13 - 2010-06-28 14:37 - 00963827 _____ () C:\Documents and Settings\Administrator\Desktop\Eusing Free Registry Cleaner.exe
2014-02-03 16:57 - 2014-02-04 00:32 - 00000000 ____D () C:\AdwCleaner
2014-02-03 16:57 - 2014-02-03 16:41 - 01037068 _____ (Thisisu) C:\Documents and Settings\Administrator\Desktop\JRT.exe
2014-02-03 16:57 - 2014-02-03 16:40 - 01166132 _____ () C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
2014-02-03 16:55 - 2014-02-03 18:59 - 00005127 _____ () C:\WINDOWS\setupapi.log
2014-01-30 14:44 - 2010-09-26 17:45 - 00094748 ____H () C:\Documents and Settings\Administrator\Q2aRNUk5.com
2014-01-30 12:20 - 2014-01-30 12:20 - 00000811 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
2014-01-30 11:56 - 2014-01-30 11:56 - 00000097 _____ () C:\Documents and Settings\Administrator\LuResult.txt
2014-01-30 11:12 - 2014-01-30 11:12 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache

==================== One Month Modified Files and Folders =======

2014-02-10 16:52 - 2014-02-10 16:52 - 00017784 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-02-10 16:52 - 2014-02-05 13:02 - 00000000 ____D () C:\FRST
2014-02-10 16:51 - 2010-09-26 21:28 - 00677795 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-10 16:49 - 2004-08-07 07:14 - 00678654 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-10 16:47 - 2010-09-26 13:47 - 00000416 _____ () C:\WINDOWS\Tasks\Updater.job
2014-02-10 16:46 - 2010-09-26 21:35 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-02-10 16:44 - 2010-09-26 21:38 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-02-10 16:44 - 2010-09-26 21:38 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-02-10 16:44 - 2007-10-04 11:06 - 00000000 ____D () C:\WINDOWS\SMINST
2014-02-10 16:43 - 2010-09-26 21:36 - 00032466 _____ () C:\WINDOWS\SchedLgU.Txt
2014-02-10 16:43 - 2009-04-18 11:09 - 00000260 _____ () C:\WINDOWS\Tasks\WGASetup.job
2014-02-10 16:42 - 2004-08-07 07:19 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-10 16:40 - 2007-10-04 10:31 - 00524288 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
2014-02-10 15:57 - 2014-02-03 23:54 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.75.0.1300.exe
2014-02-10 15:55 - 2014-02-03 18:13 - 00448512 _____ (OldTimer Tools) C:\Documents and Settings\Administrator\Desktop\TFC.exe
2014-02-10 11:58 - 2014-02-10 12:20 - 01139200 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\tea.exe
2014-02-10 11:45 - 2014-02-10 11:45 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\HP
2014-02-10 11:44 - 2007-12-03 22:08 - 00135864 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-02-10 11:42 - 2014-02-10 11:42 - 00000136 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
2014-02-10 11:36 - 2004-08-07 07:19 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-02-10 11:36 - 2004-08-07 07:03 - 00000603 _____ () C:\WINDOWS\win.ini
2014-02-10 11:36 - 2004-08-07 06:57 - 00000223 ___SH () C:\boot.ini
2014-02-10 11:36 - 2004-08-06 23:53 - 00000227 _____ () C:\WINDOWS\system.ini
2014-02-06 15:40 - 2014-02-06 15:37 - 00000000 ___SD () C:\Machiavelli
2014-02-06 15:37 - 2007-10-04 09:36 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-02-06 14:49 - 2014-02-06 14:44 - 00000000 ____D () C:\Qoobox
2014-02-06 14:44 - 2014-02-06 14:44 - 00000000 ____D () C:\WINDOWS\erdnt
2014-02-06 14:28 - 2014-02-06 14:42 - 01136640 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\apples.exe
2014-02-06 14:27 - 2014-02-06 14:43 - 05180173 ____R (Swearware) C:\Documents and Settings\Administrator\Desktop\Machiavelli.exe
2014-02-06 10:56 - 2014-02-06 11:09 - 00602112 _____ () C:\Documents and Settings\Administrator\Desktop\oldmantimer.exe
2014-02-06 10:22 - 2014-02-06 10:22 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\tripping
2014-02-06 10:13 - 2014-02-06 10:42 - 01139200 _____ () C:\Documents and Settings\Administrator\Desktop\farapple.exe
2014-02-06 10:13 - 2014-02-06 10:24 - 01139200 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\TSRF.exe
2014-02-05 12:21 - 2014-02-05 13:01 - 01139200 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.exe
2014-02-04 14:50 - 2014-02-04 14:49 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\gummy
2014-02-04 14:39 - 2007-12-03 22:12 - 00000000 __SHD () C:\WINDOWS\CSC
2014-02-04 00:39 - 2014-02-04 00:39 - 00000000 ____D () C:\pukingsoft
2014-02-04 00:34 - 2014-02-04 00:34 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2014-02-04 00:33 - 2014-02-04 00:33 - 00001543 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-02-04 00:33 - 2014-02-04 00:33 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-02-04 00:33 - 2014-02-04 00:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2014-02-04 00:32 - 2014-02-03 16:57 - 00000000 ____D () C:\AdwCleaner
2014-02-04 00:14 - 2014-02-04 00:14 - 00000000 _____ () C:\WINDOWS\system32\SBRC.dat
2014-02-04 00:13 - 2014-02-04 00:11 - 00000000 ____D () C:\VIPRERESCUE
2014-02-03 23:55 - 2014-02-03 20:44 - 00000989 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-03 23:55 - 2014-02-03 20:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-02-03 23:50 - 2014-02-03 23:50 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\rkill
2014-02-03 23:24 - 2014-02-04 00:27 - 17946224 _____ (SUPERAntiSpyware) C:\Documents and Settings\Administrator\Desktop\SAS_634F563.EXE
2014-02-03 23:19 - 2014-02-03 23:49 - 01933048 _____ () C:\Documents and Settings\Administrator\Desktop\rkill.exe
2014-02-03 23:09 - 2014-02-03 23:21 - 00602112 _____ () C:\Documents and Settings\Administrator\Desktop\OTL.scr
2014-02-03 23:09 - 2014-02-03 23:21 - 00602112 _____ () C:\Documents and Settings\Administrator\Desktop\OTL.com
2014-02-03 22:50 - 2014-02-04 15:02 - 00602112 _____ () C:\Documents and Settings\Administrator\Desktop\LOT.exe
2014-02-03 22:50 - 2014-02-03 23:08 - 00602112 _____ () C:\Documents and Settings\Administrator\Desktop\OTL.exe
2014-02-03 20:55 - 2007-12-03 21:48 - 00000000 ____D () C:\WINDOWS\pss
2014-02-03 19:23 - 2014-02-03 19:23 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2014-02-03 19:22 - 2014-02-03 19:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-02-03 19:19 - 2014-02-03 19:19 - 00000000 ____D () C:\Tech Support
2014-02-03 18:59 - 2014-02-03 16:55 - 00005127 _____ () C:\WINDOWS\setupapi.log
2014-02-03 18:39 - 2014-02-03 18:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Zeon
2014-02-03 16:42 - 2014-02-03 19:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Administrator\Desktop\9e5tusxsw1.exe
2014-02-03 16:41 - 2014-02-03 16:57 - 01037068 _____ (Thisisu) C:\Documents and Settings\Administrator\Desktop\JRT.exe
2014-02-03 16:40 - 2014-02-03 16:57 - 01166132 _____ () C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
2014-01-30 14:44 - 2007-10-04 09:36 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-01-30 12:27 - 2007-10-04 11:06 - 00000000 ____D () C:\WINDOWS\CREATOR
2014-01-30 12:20 - 2014-01-30 12:20 - 00000811 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
2014-01-30 12:20 - 2007-10-04 09:36 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2014-01-30 12:19 - 2004-08-07 07:08 - 00000744 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
2014-01-30 11:56 - 2014-01-30 11:56 - 00000097 _____ () C:\Documents and Settings\Administrator\LuResult.txt
2014-01-30 11:55 - 2008-02-18 22:19 - 00000000 ____D () C:\Documents and Settings\jprice\Start Menu\Programs\Index Dat Spy
2014-01-30 11:12 - 2014-01-30 11:12 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache

Some content of TEMP:
====================
C:\Documents and Settings\jprice\Local Settings\Temp\win .exe
C:\Documents and Settings\jprice\Local Settings\Temp\win .exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

FRST ADDITIONS LOG
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-02-2014
Ran by Administrator at 2014-02-10 16:53:43
Running from C:\Documents and Settings\Administrator\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Symantec AntiVirus Corporate Edition (Disabled - Up to date) {FB06448E-52B8-493A-90F3-E43226D3305C}

==================== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 2 (SP2) (Version: - Microsoft)
2007 Microsoft Office Suite Service Pack 2 (SP2) (Version: - Microsoft) Hidden
2007 Microsoft Office system (Version: 12.0.6425.1000 - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 10 ActiveX (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Illustrator 8.0 (Version: 8.0 - Adobe Systems, Inc.)
Adobe Photoshop v4.0 (Version: - )
Adobe Reader 8.1.2 (Version: 8.1.2 - Adobe Systems Incorporated)
Agere Systems HDA Modem (Version: - Agere Systems)
Application Installer 4.00.B14 (Version: 4.00.B14 - Hewlett-Packard Company)
ATI Catalyst Control Center (Version: 1.007.2007.0202 - )
ATI Display Driver (Version: 8.342.2-070202a-044973C-HP - )
AutoCAD LT 2004 (Version: 16.0.0.086 - Autodesk)
Autodesk Express Viewer (Version: 3.1 - Autodesk, Inc.)
Broadcom 802.11 Wireless LAN Adapter (Version: 4.100.15.5 - Broadcom Corporation)
Broadcom NetXtreme Ethernet Controller (Version: 10.15.15 - Broadcom Corporation)
BufferChm (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Canon MF Drivers (Version: - )
Canon MP150 (Version: - )
Catalyst Control Center Core Implementation (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Czech (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Danish (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Dutch (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Finnish (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Greek (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Hungarian (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Norwegian (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Polish (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Russian (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Swedish (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Thai (Version: 2007.0202.1934.34870 - ATI) Hidden
Catalyst Control Center Localization Turkish (Version: 2007.0202.1934.34870 - ATI) Hidden
CCC Help Chinese Standard (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Czech (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Danish (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Dutch (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help English (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Finnish (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help French (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help German (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Greek (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Hungarian (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Italian (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Japanese (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Korean (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Norwegian (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Polish (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Portuguese (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Russian (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Spanish (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Swedish (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Thai (Version: 2007.0202.1933.34870 - ATI) Hidden
CCC Help Turkish (Version: 2007.0202.1933.34870 - ATI) Hidden
ccc-Branding (Version: 1.00.0000 - ATI)
ccc-core-static (Version: 2007.0202.1934.34870 - ATI) Hidden
ccc-utility (Version: 2007.0202.1934.34870 - ATI) Hidden
CreativeProjects (Version: 45.4.157.000 - Hewlett-Packard) Hidden
CreativeProjectsTemplates (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Credential Manager for HP ProtectTools (Version: 2.5.0.880.13 - Hewlett-Packard )
Critical Update for Windows Media Player 11 (KB959772) (Version: - Microsoft Corporation)
CueTour (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Destinations (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Director (Version: 45.4.157.000 - Hewlett-Packard) Hidden
eDrawings 2008 (Version: 8.2.122 - SolidWorks)
GDR 3077 for SQL Server Database Services 2005 ENU (KB960089) (Version: 9.2.3077 - Microsoft Corporation)
Google Earth (Version: 4.2.205.5730 - Google)
HP 3D DriveGuard (Version: 1.00 A4 - )
HP Backup and Recovery Manager Installer (Version: 2.4 - Hewlett-Packard Company)
HP BIOS Configuration for ProtectTools (Version: 3.00 C1 - Hewlett-Packard)
HP Deskjet 3740 Series (Version: - )
HP Doc Viewer (Version: 1.01.0005 - Hewlett-Packard)
HP Help and Support (Version: 4.4.0002 - HPQ)
HP Image Zone 4.7 (Version: 4.7 - HP)
HP Integrated Module with Bluetooth wireless technology (Version: 5.1.0.3000 - HP)
HP Notebook Accessories Product Tour (Version: 13.0.0 - Hewlett-Packard)
HP Photosmart 8700 Series (Version: - )
HP Product Assistant (Version: 2.0.0.0 - Hewlett-Packard) Hidden
HP ProtectTools Security Manager (Version: 3.00 A10 - Hewlett-Packard)
HP Quick Launch Buttons 6.20 F2 (Version: 6.20 F2 - Hewlett-Packard)
HP Update (Version: 4.000.005.007 - Hewlett-Packard)
HP User Guide Bluetooth Addendum 0062 (Version: 1.01.0000 - Hewlett-Packard)
HP User Guides 0064 (Version: 1.03.0000 - Hewlett-Packard)
HP Wireless Assistant (Version: 3.00 F1 - Hewlett-Packard)
HpSdpAppCoreApp (Version: 3.00.0000 - Hewlett-Packard) Hidden
HPSystemDiagnostics (Version: 1.6.0.0 - Your Company Name) Hidden
InstantShare (Version: 45.4.157.000 - Hewlett-Packard) Hidden
InterVideo DVD Check (Version: - )
InterVideo Register Manager (Version: 1.0.4.0 - InterVideo Inc.) Hidden
InterVideo WinDVD (Version: - )
InterVideo WinDVD (Version: 5.0-B11.1164 - InterVideo Inc.)
KRW's Periodic Table Software (2002-02-25) (Version: - )
LightScribe 1.6.43.1 (Version: 1.6.43.1 - http://www.lightscribe.com) Hidden
LiveUpdate 2.6 (Symantec Corporation) (Version: 2.6.18.0 - Symantec Corporation)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (Version: - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version: - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version: - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Report Viewer Redistributable 2005 (Version: - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2005 (Version: 8.0.55129 - Microsoft Corporation) Hidden
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (Version: 4.0.50826.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 (PROPHETSQL) (Version: 9.2.3042.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 (Version: - Microsoft Corporation)
Microsoft SQL Server Native Client (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Version: - Microsoft Corporation)
Microsoft Visio Professional 2002 [English] (Version: 10.0.525 - Microsoft Corporation)
Microsoft Visual SourceSafe V5.0 (Version: - )
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB954459) (Version: 6.20.1099.0 - Microsoft Corporation)
palmOne (Version: 4.1.0420 - palmOne, Inc.)
PanoStandAlone (Version: 45.4.157.000 - Hewlett-Packard) Hidden
PhotoGallery (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Photosmart 320,370,7400,8100,8400,8700 Series (Version: 6.2 - HP)
PS8700 (Version: 1.01.0000 - Hewlett-Packard) Hidden
PSPrinters06 (Version: 1.01.0000 - HP) Hidden
QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
QwikQuote 6.0 Node (Version: - )
Roxio Creator Audio (Version: 3.3.0 - Roxio)
Roxio Creator Basic v9 (Version: 3.3.0 - Roxio)
Roxio Creator Copy (Version: 3.3.0 - Roxio)
Roxio Creator Data (Version: 3.3.0 - Roxio)
Roxio Creator Tools (Version: 3.3.0 - Roxio)
Roxio Express Labeler 3 (Version: 2.1.0 - Roxio)
Roxio MyDVD Basic v9 (Version: 9.0.116 - Roxio)
ScanSoft PDF Create! 4 (Version: 4.00.0000 - Nuance, Inc.)
SIM Recovery Pro v1.2.2 (Version: - )
SkinsHP1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
SMC InfiniLink 2007.1213 (Version: - SMC)
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
SoundMAX (Version: 5.10.01.5161 - Analog Devices)
SUPERAntiSpyware (Version: 5.7.1018 - SUPERAntiSpyware.com)
Symantec AntiVirus (Version: 10.0.2000.2 - Symantec Corporation)
Synaptics Pointing Device Driver (Version: 10.0.13.2 - Synaptics)
TrayApp (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Unload (Version: 4.5.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (Version: - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (Version: - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB957246) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (Version: - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (Version: - Microsoft)
Update for Outlook 2007 Junk Email Filter (kb2291599) (Version: - Microsoft)
Update for Windows Internet Explorer 8 (KB968220) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB969497) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB943729) (Version: - Microsoft Corporation)
Update for Windows XP (KB951072-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (Version: 1 - Microsoft Corporation)
Virtual Pool 3 Preview (Version: - )
VNC Enterprise Edition E4.3-K1 (Version: E4.3-K1 - RealVNC Ltd.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) (Version: 05/27/2006 1.3.2.0 - Advanced Micro Devices)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.8.0031.9 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (Version: - )
Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden
Windows Media Player 11 (Version: - )
Windows Media Player 11 (Version: - Microsoft Corporation) Hidden
Windows PowerShell™ 1.0 (Version: 2 - Microsoft Corporation)
Windows PowerShell™ 1.0 MUI pack (Version: 2 - Microsoft Corporation)
Windows Presentation Foundation (Version: 3.0.6920.0 - Microsoft Corporation) Hidden
Windows Search 4.0 (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (Version: 20080414.031525 - Microsoft Corporation)
XML Paper Specification Shared Components Pack 1.0 (Version: - Microsoft Corporation) Hidden

==================== Restore Points =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2004-08-04 02:00 - 2014-02-06 10:24 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Updater.job => C:\Documents and Settings\All Users\Application Data\Update\seupd.exe
Task: C:\WINDOWS\Tasks\WGASetup.job => C:\WINDOWS\system32\KB905474\wgasetup.exe

==================== Loaded Modules (whitelisted) =============

2007-12-04 04:12 - 2014-01-30 12:27 - 00094736 _____ () C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
2007-02-16 18:40 - 2007-02-16 18:40 - 01466368 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2007-02-16 18:40 - 2007-02-16 18:40 - 05521408 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2007-02-06 15:20 - 2007-02-06 15:20 - 02842624 _____ () C:\WINDOWS\system32\btwicons.dll
2007-02-06 15:16 - 2007-02-06 15:16 - 00053248 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2010-07-11 02:46 - 2010-07-11 02:46 - 03391488 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_acd21e23\mscorlib.dll
2010-07-11 02:45 - 2010-07-11 02:45 - 03018752 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_743421a4\system.windows.forms.dll
2010-07-11 02:45 - 2010-07-11 02:45 - 01966080 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_9c1f7762\system.dll
2010-07-11 02:46 - 2010-07-11 02:46 - 00835584 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_bd844bfd\system.drawing.dll
2010-07-11 02:45 - 2010-07-11 02:45 - 02088960 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_facfb624\system.xml.dll
2007-12-04 04:12 - 2014-02-10 16:46 - 00094736 _____ () C:\Program Files\InterVideo\DVD Check\DVDCheck .exe

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/10/2014 04:47:03 PM) (Source: Application Error) (User: )
Description: Faulting application scheduler .exe, version 1.0.6.7, faulting module oleaut32.dll, version 5.1.2600.5512, fault address 0x00004ee9.
Processing media-specific event for [scheduler .exe!ws!]

Error: (02/10/2014 04:43:01 PM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (02/10/2014 04:42:59 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (02/10/2014 04:34:11 PM) (Source: Application Error) (User: )
Description: Faulting application hpqtra08.exe, version 45.4.157.0, faulting module unknown, version 0.0.0.0, fault address 0x7ca28c16.
Processing media-specific event for [hpqtra08.exe!ws!]

Error: (02/10/2014 04:30:37 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module owugihaji.dll, version 0.0.0.0, fault address 0x000126d7.
Processing media-specific event for [explorer.exe!ws!]

Error: (02/10/2014 04:30:01 PM) (Source: Application Error) (User: )
Description: Faulting application scheduler .exe, version 1.0.6.7, faulting module oleaut32.dll, version 5.1.2600.5512, fault address 0x00004ee9.
Processing media-specific event for [scheduler .exe!ws!]

Error: (02/10/2014 04:27:24 PM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (02/10/2014 04:27:22 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (02/10/2014 00:09:06 PM) (Source: Application Error) (User: )
Description: Faulting application scheduler .exe, version 1.0.6.7, faulting module oleaut32.dll, version 5.1.2600.5512, fault address 0x00004ee9.
Processing media-specific event for [scheduler .exe!ws!]

Error: (02/10/2014 00:06:00 PM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.


System errors:
=============
Error: (02/10/2014 04:54:07 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The error:
"%%5"
Happened while starting this command:
C:\WINDOWS\system32\wbem\wmiprvse.exe -secured -Embedding

Error: (02/10/2014 04:53:48 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The error:
"%%5"
Happened while starting this command:
C:\WINDOWS\system32\wbem\wmiprvse.exe -secured -Embedding

Error: (02/10/2014 04:52:12 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The error:
"%%5"
Happened while starting this command:
C:\WINDOWS\system32\wbem\wmiprvse.exe -secured -Embedding

Error: (02/10/2014 04:52:12 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The error:
"%%5"
Happened while starting this command:
C:\WINDOWS\system32\wbem\wmiprvse.exe -secured -Embedding

Error: (02/10/2014 04:49:03 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The error:
"%%5"
Happened while starting this command:
C:\WINDOWS\system32\wbem\wmiprvse.exe -Embedding

Error: (02/10/2014 04:49:03 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The error:
"%%5"
Happened while starting this command:
C:\WINDOWS\system32\wbem\wmiprvse.exe -Embedding

Error: (02/10/2014 04:49:03 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The error:
"%%5"
Happened while starting this command:
C:\WINDOWS\system32\wbem\wmiprvse.exe -Embedding

Error: (02/10/2014 04:47:46 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The error:
"%%5"
Happened while starting this command:
C:\WINDOWS\system32\wbem\wmiprvse.exe -secured -Embedding

Error: (02/10/2014 04:47:46 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The error:
"%%5"
Happened while starting this command:
C:\WINDOWS\system32\wbem\wmiprvse.exe -secured -Embedding

Error: (02/10/2014 04:47:46 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The error:
"%%5"
Happened while starting this command:
C:\WINDOWS\system32\wbem\wmiprvse.exe -secured -Embedding


Microsoft Office Sessions:
=========================
Error: (12/29/2009 03:26:59 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12574 seconds with 1500 seconds of active time. This session ended with a crash.

Error: (04/13/2009 02:44:13 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 792 seconds with 780 seconds of active time. This session ended with a crash.

Error: (04/13/2009 02:30:44 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 610 seconds with 480 seconds of active time. This session ended with a crash.

Error: (12/11/2008 03:11:42 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 11570 seconds with 1020 seconds of active time. This session ended with a crash.

Error: (04/30/2008 10:08:31 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4521 seconds with 600 seconds of active time. This session ended with a crash.

Error: (04/30/2008 02:16:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 954 seconds with 720 seconds of active time. This session ended with a crash.

Error: (04/30/2008 02:00:34 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 17125 seconds with 1020 seconds of active time. This session ended with a crash.

Error: (02/19/2008 08:00:38 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6023.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 2866 seconds with 1020 seconds of active time. This session ended with a crash.

Error: (02/11/2008 08:55:52 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6024.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 413 seconds with 0 seconds of active time. This session ended with a crash.

Error: (02/04/2008 11:06:36 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6024.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 6484 seconds with 1920 seconds of active time. This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 81%
Total physical RAM: 447.23 MB
Available physical RAM: 80.66 MB
Total Pagefile: 1053.5 MB
Available Pagefile: 596.72 MB
Total Virtual: 2047.88 MB
Available Virtual: 1962.29 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:64.78 GB) (Free:27.45 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: (HP_RECOVERY) (Fixed) (Total:9.74 GB) (Free:9.48 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive f: (USB DISK) (Removable) (Total:3.61 GB) (Free:3.58 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 75 GB) (Disk ID: 95AA95AA)
Partition 1: (Active) - (Size=65 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=4 GB) - (Type=0C)

==================== End Of Log ============================

MBAM LOG
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.04.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: JPRICELAP [administrator]

2/10/2014 4:56:59 PM
mbam-log-2014-02-10 (16-56-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 250765
Time elapsed: 13 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B1BA40A1-75F2-51BD-F313-04B03A2C8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.

Registry Values Detected: 5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler|{B1BA40A1-75F2-51BD-F313-04B03A2C8953} (Trojan.Ertfor) -> Data: jsfsue98jfi8dfjijse -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{B1BA40A1-75F2-51BD-F313-04B03A2C8953} (Trojan.Ertfor) -> Data: -> Quarantined and deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SE11 (Rogue.SecurityEssentials) -> Data: C:\Program Files\SecEss\SE11.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer|WINID (Malware.Trace) -> Data: 1CF1DECEE9DDB26 -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoFolderOptions (Hijack.FolderOptions) -> Data: 1 -> Quarantined and deleted successfully.

Registry Data Items Detected: 13
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop|NoChangingWallpaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoSetActiveDesktop (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-soft-package.com|http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and repaired successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-software-package.com|http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and repaired successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\get-key-se10.com|http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and repaired successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download.com|http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoSetActiveDesktop (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop|NoChangingWallpaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\get-key-se10.com|http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 20
C:\WINDOWS\system32\rpk5dkg.dl$ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\c84h1m.dl$ (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\mvb35316.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\jprice\local settings\temp\win .exe (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\SMPDLA.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\WINDOWS\win .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\winlogon .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\lsass .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\nvsvc32 .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\owugihaji.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\WINDOWS\taskmgr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\csrss .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\spoolsv .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\services .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\6to4ex.dll (Trojan.Backdoor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Update\seupd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\SecEss\SE11.exe (Rogue.SecurityEssentials) -> Quarantined and deleted successfully.
C:\Documents and Settings\jprice\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\SE11.lnk (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\Q2aRNUk5.com (Malware.Generic) -> Quarantined and deleted successfully.

(end)

#51
Machiavelli

  • GeekU Moderator
  • 3,700 posts
Hello velarie.

Currently I am having big, big Internet problems myself. I will probably be able to work on this topic on Friday. So sorry for that.

Regards,
Machiavelli

#52
velarie2112

  • Topic Starter
  • Member
  • 106 posts
I understand. No worries. Will wait to hear from you.

#53
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

I will be assisting you during Machiavelli's absence.

Before doing anything further, since several days have transpired, I would like you to carry out the scans below so I can ascertain the current situation with your machine, as follows...

Scan with aswMBR:

Please download aswMBR to your desktop.

  • Double-click on aswMBR.exe to start the program.
  • When prompted with The application can use the Avast! Free Antivirus for scanning >> select No
  • Now click on the Scan button to start scan
  • On completion of the scan click Save Log, save it to your desktop and post the contents in your next reply

Note: There will also be a file on your desktop named MBR.dat (or similar). Do not delete this for now; it is an actual backup of the MBR (master boot record).

Scan with FSS:

Please download Farbar Service Scanner and save to your desktop.

  • Double-click FSS.exe to start the program.
  • Select all available options.
  • Then click on the Scan tab.
  • When the scan is complete, it will produce a log named FSS.txt.
  • Post the contents in your next reply.

Scan with OTL:

Please download OTL and save it to your desktop.

Alternate downloads are here and here.

  • Double-click on OTL.exe to start OTL.
  • Under Output, ensure that Standard Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Select both LOP & Purity Check, then click the Scan All Users check-box.
  • Under the Custom Scan/Fixes box cut & paste this in:-
netsvcs
baseservices
msconfig
%systemdrive%\*.exe
/md5start
rpcss.dll
/md5stop
C:\program files (x86)\Google\Desktop
C:\program files\Google\Desktop
dir "%systemdrive%\*" /S /A:L /C
CreateRestorePoint


  • Click on Run Scan button.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these two Notepad files in your next reply.

Next:

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now? Any further symptoms and/or problems encountered?
  • aswMBR Log.
  • Farbar Service Scanner Log.
  • Both OTL logs. <-- Post them individually please, i.e. one log per post/reply.


#54
velarie2112

  • Topic Starter
  • Member
  • 106 posts
Hello Dakeyras. Thanks for your assistance. I can't really tell you how the computer is running. It is only on when I'm completing GTG instructions. It is booting about the same. Normal hardware and application errors. I noticed on the last boot I didn't get the DLL error. No malicious pop ups anymore. And of course I'm actually able to run some tools now, lol. Logs below.

**********************************************************
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-02-13 08:52:42
-----------------------------
08:52:42.312 OS Version: Windows 5.1.2600 Service Pack 3
08:52:42.312 Number of processors: 1 586 0x4C02
08:52:42.312 ComputerName: JPRICELAP UserName:
08:53:25.187 Initialize success
08:54:51.328 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdePort0
08:54:51.328 Disk 0 Vendor: FUJITSU_MHW2080BH_PL 891F Size: 76319MB BusType: 3
08:54:51.343 Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskFUJITSU_MHW2080BH_PL____________________891F____#314b4d3037543239435436332020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
08:54:51.359 Device \Driver\atapi -> DriverStartIo 8525cabf
08:54:51.703 Disk 0 MBR read successfully
08:54:51.703 Disk 0 MBR scan
08:54:51.718 Disk 0 TDL4@MBR code has been found
08:54:51.734 Disk 0 MBR hidden
08:54:51.750 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 66338 MB offset 63
08:54:51.796 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 9977 MB offset 135861705
08:54:51.828 Disk 0 MBR [TDL4] **ROOTKIT**
08:54:51.843 Scan finished successfully
08:55:26.515 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
08:55:26.671 The log file has been saved successfully to "F:\aswMBR.txt"

#55
velarie2112

  • Topic Starter
  • Member
  • 106 posts
FSS Log

Farbar Service Scanner Version: 02-02-2014
Ran by Administrator (administrator) on 13-02-2014 at 08:56:29
Running from "C:\Documents and Settings\Administrator\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice service is OK.

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".


System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR"=DWORD:1


Security Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Bridge(11) BridgeMP(10) Gpc(7) IPSec(5) NetBT(6) PSched(8) SYMTDI(9) Tcpip(4)
0x0B0000000500000001000000020000000300000004000000090000000600000007000000080000000A0000000B000000
IpSec Tag value is correct.

**** End of log ****

#56
velarie2112

  • Topic Starter
  • Member
  • 106 posts
OTL Log

OTL logfile created on: 2/13/2014 8:58:52 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.23 Mb Total Physical Memory | 95.80 Mb Available Physical Memory | 21.42% Memory free
1.03 Gb Paging File | 0.61 Gb Available in Paging File | 59.24% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.78 Gb Total Space | 27.44 Gb Free Space | 42.36% Space Free | Partition Type: NTFS
Drive E: | 9.74 Gb Total Space | 9.48 Gb Free Space | 97.32% Space Free | Partition Type: NTFS
Drive F: | 3.61 Gb Total Space | 3.60 Gb Free Space | 99.83% Space Free | Partition Type: FAT32

Computer Name: JPRICELAP | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2014/02/13 08:51:40 | 000,094,736 | ---- | M] () -- C:\Program Files\InterVideo\DVD Check\DVDCheck .exe
PRC - [2014/02/13 08:33:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\bannana.exe
PRC - [2013/10/10 16:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) -- C:\AdwCleaner\newsas\SASCore.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/15 02:27:20 | 001,015,808 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
PRC - [2007/02/06 15:14:00 | 000,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/01/24 14:28:58 | 000,124,928 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\accelerometerST.exe
PRC - [2007/01/05 10:36:48 | 000,872,448 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp .exe
PRC - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/10/05 17:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2005/11/15 12:28:04 | 000,085,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\SYMANT~1\VPTray .exe
PRC - [2005/11/15 12:27:56 | 000,169,200 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2005/11/15 12:27:54 | 001,756,912 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2005/11/15 12:27:44 | 000,020,208 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2005/10/04 12:42:50 | 000,177,776 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/10/04 12:42:42 | 000,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2005/02/17 00:11:42 | 000,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2 .exe
PRC - [2004/11/24 17:17:34 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe
PRC - [2004/11/04 19:36:46 | 000,425,984 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\digital imaging\bin\hpqgalry.exe
PRC - [2004/11/04 19:28:24 | 000,258,048 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\digital imaging\bin\hpqtra08.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/13 08:51:40 | 000,094,736 | ---- | M] () -- C:\Program Files\InterVideo\DVD Check\DVDCheck .exe
MOD - [2010/07/11 02:46:13 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_acd21e23\mscorlib.dll
MOD - [2010/07/11 02:46:10 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_bd844bfd\system.drawing.dll
MOD - [2010/07/11 02:45:59 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_facfb624\system.xml.dll
MOD - [2010/07/11 02:45:52 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_743421a4\system.windows.forms.dll
MOD - [2010/07/11 02:45:35 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_9c1f7762\system.dll
MOD - [2010/07/11 02:44:58 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2007/12/10 11:43:15 | 000,032,768 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
MOD - [2007/12/10 11:42:25 | 000,032,768 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
MOD - [2007/12/10 11:42:20 | 000,053,248 | ---- | M] () -- c:\windows\assembly\gac\hpqprrsc\3.0.0.0__a53cf5803f4c3827\hpqprrsc.dll
MOD - [2007/12/10 11:42:20 | 000,049,152 | ---- | M] () -- c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll
MOD - [2007/12/10 11:42:19 | 000,798,720 | ---- | M] () -- c:\windows\assembly\gac\hpqietpz\3.0.0.0__a53cf5803f4c3827\hpqietpz.dll
MOD - [2007/12/10 11:42:18 | 000,057,344 | ---- | M] () -- c:\windows\assembly\gac\hpqntrop\3.0.0.0__a53cf5803f4c3827\hpqntrop.dll
MOD - [2007/12/10 11:42:18 | 000,004,096 | ---- | M] () -- c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll
MOD - [2007/12/10 11:42:15 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqptfnd\3.0.0.0__a53cf5803f4c3827\hpqptfnd.dll
MOD - [2007/12/10 11:42:14 | 000,065,536 | ---- | M] () -- c:\windows\assembly\gac\hpqmdmr\3.0.0.0__a53cf5803f4c3827\hpqmdmr.dll
MOD - [2007/12/10 11:42:13 | 000,430,080 | ---- | M] () -- c:\windows\assembly\gac\lead.wrapper\13.0.0.89__9cf889f53ea9b907\lead.wrapper.dll
MOD - [2007/12/10 11:42:13 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\lead\13.0.0.89__9cf889f53ea9b907\lead.dll
MOD - [2007/12/10 11:42:12 | 000,090,112 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.89__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll
MOD - [2007/12/10 11:42:12 | 000,086,016 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing\13.0.0.89__9cf889f53ea9b907\lead.drawing.dll
MOD - [2007/12/10 11:42:12 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.89__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll
MOD - [2007/12/10 11:42:12 | 000,040,960 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms\13.0.0.89__9cf889f53ea9b907\lead.windows.forms.dll
MOD - [2007/12/10 11:42:10 | 000,045,056 | ---- | M] () -- c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
MOD - [2007/12/10 11:42:10 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll
MOD - [2007/12/10 11:42:10 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpdarc\1.0.0.0__19565c63d39c2842\interop.hpdarc.dll
MOD - [2007/12/10 11:42:10 | 000,010,240 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqimgr\1.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
MOD - [2007/12/10 11:42:09 | 000,229,376 | ---- | M] () -- c:\windows\assembly\gac\hpqtray\3.0.0.0__a53cf5803f4c3827\hpqtray.dll
MOD - [2007/12/10 11:42:09 | 000,167,936 | ---- | M] () -- c:\windows\assembly\gac\hpqimgrc\3.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
MOD - [2007/12/10 11:42:09 | 000,073,728 | ---- | M] () -- c:\windows\assembly\gac\hpqgskin\3.0.0.0__a53cf5803f4c3827\hpqgskin.dll
MOD - [2007/12/10 11:42:09 | 000,028,672 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc\3.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
MOD - [2007/12/10 11:42:09 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqiface\3.0.0.0__a53cf5803f4c3827\hpqiface.dll
MOD - [2007/12/10 11:42:08 | 000,196,608 | ---- | M] () -- c:\windows\assembly\gac\hpqccrsc\3.0.0.0__a53cf5803f4c3827\hpqccrsc.dll
MOD - [2007/12/10 11:42:08 | 000,163,840 | ---- | M] () -- c:\windows\assembly\gac\hpqutils\3.0.0.0__a53cf5803f4c3827\hpqutils.dll
MOD - [2007/12/10 11:42:08 | 000,126,976 | ---- | M] () -- c:\windows\assembly\gac\hpqgldlg\3.0.0.0__a53cf5803f4c3827\hpqgldlg.dll
MOD - [2007/12/10 11:42:08 | 000,024,576 | ---- | M] () -- c:\windows\assembly\gac\hpqasset\3.0.0.0__a53cf5803f4c3827\hpqasset.dll
MOD - [2007/12/10 11:42:07 | 000,475,136 | ---- | M] () -- c:\windows\assembly\gac\hpqcmctl\3.0.0.0__a53cf5803f4c3827\hpqcmctl.dll
MOD - [2007/10/04 10:03:58 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2007/10/04 10:03:58 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2007/10/04 10:03:57 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2007/02/16 18:40:42 | 005,521,408 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/02/16 18:40:40 | 001,466,368 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2007/02/06 15:20:00 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2007/02/06 15:16:06 | 000,053,248 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2004/08/07 07:09:06 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - File not found [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - File not found [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2013/10/10 16:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\AdwCleaner\newsas\SASCore.exe -- (!SASCORE)
SRV - [2008/04/14 05:42:30 | 000,078,848 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/01/17 13:10:57 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2007/02/06 19:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/10/05 17:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/06/21 23:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2005/11/15 12:27:56 | 000,169,200 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2005/11/15 12:27:54 | 001,756,912 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2005/11/15 12:27:44 | 000,020,208 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2005/10/19 16:39:34 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/10/04 12:42:50 | 000,177,776 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/10/04 12:42:48 | 000,083,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2005/10/04 12:42:42 | 000,185,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/03/30 20:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2004/06/02 13:29:00 | 000,077,824 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpbpro.exe -- (HP Port Resolver)
SRV - [2004/06/02 13:28:00 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpboid.exe -- (HP Status Server)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VProEventMonitor.sys -- (VPROEVENTMONITOR)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2013/09/04 13:57:44 | 000,024,040 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gfiutil.sys -- (gfiutil)
DRV - [2013/05/23 07:39:14 | 000,043,368 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gfiark.sys -- (gfiark)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\AdwCleaner\newsas\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\AdwCleaner\newsas\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/07/15 02:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\COMMON~1\Symantec Shared\VirusDefs\20100924.004\navex15.sys -- (NAVEX15)
DRV - [2010/07/15 02:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\COMMON~1\Symantec Shared\VirusDefs\20100924.004\naveng.sys -- (NAVENG)
DRV - [2010/05/27 02:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/27 02:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2008/05/08 08:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/14 00:09:46 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2007/04/10 16:55:28 | 000,140,808 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2007/03/01 15:11:32 | 000,100,400 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slabser.sys -- (slabser)
DRV - [2007/03/01 15:11:32 | 000,066,672 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slabbus.sys -- (slabbus)
DRV - [2007/02/27 09:21:00 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/02/14 08:21:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/02/14 08:20:58 | 000,868,298 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/02/02 10:03:26 | 001,975,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/11/30 12:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/28 20:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/01 21:14:38 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/10/17 10:59:06 | 000,022,016 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2006/10/17 10:57:58 | 000,017,920 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2006/09/19 10:58:58 | 000,036,608 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2006/07/01 23:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/28 11:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/10/19 16:39:04 | 000,195,728 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2005/10/19 16:38:58 | 000,024,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2005/09/16 23:20:06 | 000,108,168 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/08/26 13:22:50 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/08/26 13:22:48 | 000,334,984 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2005/03/30 20:48:20 | 000,372,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2004/06/09 12:37:42 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2001/08/17 13:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2700236382-4009610293-4285289237-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...d=smb&pf=laptop
IE - HKU\S-1-5-21-2700236382-4009610293-4285289237-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...d=smb&pf=laptop
IE - HKU\S-1-5-21-2700236382-4009610293-4285289237-500\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2700236382-4009610293-4285289237-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50826.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9C67FCC4-402D-4B90-A1A4-5DFB9568D856}: C:\Documents and Settings\jprice\Local Settings\Application Data\{9C67FCC4-402D-4B90-A1A4-5DFB9568D856} [2010/09/26 13:49:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{5C46E42F-AC54-4719-9779-308E8F58E866}: C:\Documents and Settings\Administrator.IDI\Local Settings\Application Data\{5C46E42F-AC54-4719-9779-308E8F58E866}\ [2010/09/30 20:12:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{84ED3979-6E30-4DF7-89EB-0C7FF0627D09}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{84ED3979-6E30-4DF7-89EB-0C7FF0627D09}


O1 HOSTS File: ([2014/02/06 10:24:58 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" File not found
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\HEWLET~1\IAM\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe (HP)
O4 - HKLM..\Run: [HPHUPD06] C:\Program Files\Hewlett-Packard\{BA2D9411-DBB4-43e4-9421-780413650A67}\hphupd06.exe File not found
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe" File not found
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe ()
O4 - HKLM..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe" File not found
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe File not found
O4 - HKLM..\Run: [vptray] C:\Program Files\SYMANT~1\VPTray.exe ()
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck .exe ()
O4 - HKLM..\Run: [yxxa .exe] "C:\DOCUME~1\jprice\LOCALS~1\Temp\yxxa .exe" File not found
O4 - HKLM..\Run: [yxxa .exe] "C:\DOCUME~1\jprice\LOCALS~1\Temp\yxxa .exe" File not found
O4 - HKLM..\Run: [yxxa .exe] "C:\DOCUME~1\jprice\LOCALS~1\Temp\yxxa .exe" File not found
O4 - HKLM..\Run: [yxxa .exe] "C:\DOCUME~1\jprice\LOCALS~1\Temp\yxxa .exe" File not found
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\COMMON~1\Microsoft Shared\DW\dwtrig20.exe ()
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\COMMON~1\Microsoft Shared\DW\dwtrig20.exe ()
O4 - HKU\S-1-5-21-2700236382-4009610293-4285289237-500..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKU\S-1-5-21-2700236382-4009610293-4285289237-500..\Run: [SUPERAntiSpyware] C:\AdwCleaner\newsas\SUPERAntiSpyware.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [TSClientAXDisabler] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [TSClientMSIUninstaller] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [TSClientAXDisabler] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [TSClientMSIUninstaller] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\digital imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\digital imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = File not found
O4 - Startup: C:\Documents and Settings\jprice\Start Menu\Programs\Startup\palmOne Registration.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2700236382-4009610293-4285289237-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2700236382-4009610293-4285289237-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-21-2700236382-4009610293-4285289237-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\MICROS~2\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: fastestdeploy.com ([]http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: download-soft-package.com ([]http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: download-software-package.com ([]http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: fastestdeploy.com ([]http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: get-key-se10.com ([]http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: is-software-download.com ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: download-soft-package.com ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: download-software-package.com ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: fastestdeploy.com ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: get-key-se10.com ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: is-software-download.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2700236382-4009610293-4285289237-500\..Trusted Domains: fastestdeploy.com ([]http in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = idi.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3547798B-5F35-49D9-8917-416E6C6F4EB7}: DhcpNameServer = 192.168.17.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\COMMON~1\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\COMMON~1\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\COMMON~1\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\COMMON~1\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\OneCard: DllName - (C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll) - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation)
O24 - Desktop WallPaper:
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\AdwCleaner\newsas\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 17:07:00 | 000,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 09:01:00 | 000,000,053 | -HS- | M] () - E:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{0b31a1c8-a251-11dc-a4a2-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{0b31a1c8-a251-11dc-a4a2-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0b31a1c8-a251-11dc-a4a2-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

CREATERESTOREPOINT
System Restore Service not available.

========== Files/Folders - Created Within 30 Days ==========

[2014/02/13 08:58:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\bannana.exe
[2014/02/13 08:56:09 | 000,453,632 | ---- | C] (Farbar) -- C:\Documents and Settings\Administrator\Desktop\FSS.exe
[2014/02/13 08:52:20 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswmbr.exe
[2014/02/10 16:38:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/02/10 12:20:38 | 001,139,200 | ---- | C] (Farbar) -- C:\Documents and Settings\Administrator\Desktop\tea.exe
[2014/02/10 11:45:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\HP
[2014/02/06 15:37:02 | 000,000,000 | --SD | C] -- C:\Machiavelli
[2014/02/06 14:50:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2014/02/06 14:50:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2014/02/06 14:50:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2014/02/06 14:50:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2014/02/06 14:44:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/02/06 14:44:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2014/02/06 14:44:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2014/02/06 14:44:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2014/02/06 14:43:58 | 005,180,173 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\Machiavelli.exe
[2014/02/06 14:42:08 | 001,136,640 | ---- | C] (Farbar) -- C:\Documents and Settings\Administrator\Desktop\apples.exe
[2014/02/06 10:24:07 | 001,139,200 | ---- | C] (Farbar) -- C:\Documents and Settings\Administrator\Desktop\TSRF.exe
[2014/02/06 10:22:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\tripping
[2014/02/05 13:02:07 | 000,000,000 | ---D | C] -- C:\FRST
[2014/02/04 14:49:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\gummy
[2014/02/04 00:39:28 | 000,000,000 | ---D | C] -- C:\pukingsoft
[2014/02/04 00:34:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2014/02/04 00:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2014/02/04 00:33:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2014/02/04 00:27:09 | 017,946,224 | ---- | C] (SUPERAntiSpyware) -- C:\Documents and Settings\Administrator\Desktop\SAS_634F563.EXE
[2014/02/04 00:13:56 | 000,024,040 | ---- | C] (ThreatTrack Security) -- C:\WINDOWS\System32\drivers\gfiutil.sys
[2014/02/04 00:13:52 | 000,043,368 | ---- | C] (ThreatTrack Security) -- C:\WINDOWS\System32\drivers\gfiark.sys
[2014/02/04 00:11:22 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2014/02/03 23:54:33 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.75.0.1300.exe
[2014/02/03 23:50:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\rkill
[2014/02/03 20:44:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/02/03 20:43:59 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/02/03 19:23:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2014/02/03 19:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014/02/03 19:19:19 | 000,000,000 | ---D | C] -- C:\Tech Support
[2014/02/03 19:17:39 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\9e5tusxsw1.exe
[2014/02/03 18:39:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Zeon
[2014/02/03 18:13:36 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2014/02/03 16:57:21 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/03 16:57:08 | 001,037,068 | ---- | C] (Thisisu) -- C:\Documents and Settings\Administrator\Desktop\JRT.exe
[2014/01/30 11:12:14 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache

========== Files - Modified Within 30 Days ==========

[2014/02/13 08:54:49 | 000,556,844 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/02/13 08:54:48 | 000,108,698 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/02/13 08:51:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/02/13 08:48:12 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2014/02/13 08:33:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\bannana.exe
[2014/02/13 08:33:06 | 000,453,632 | ---- | M] (Farbar) -- C:\Documents and Settings\Administrator\Desktop\FSS.exe
[2014/02/13 08:32:46 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswmbr.exe
[2014/02/10 16:56:03 | 000,000,989 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/10 16:47:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\Updater.job
[2014/02/10 15:57:04 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.75.0.1300.exe
[2014/02/10 15:55:14 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2014/02/10 11:58:48 | 001,139,200 | ---- | M] (Farbar) -- C:\Documents and Settings\Administrator\Desktop\tea.exe
[2014/02/10 11:42:23 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2014/02/10 11:36:37 | 000,000,223 | -HS- | M] () -- C:\boot.ini
[2014/02/06 14:28:44 | 001,136,640 | ---- | M] (Farbar) -- C:\Documents and Settings\Administrator\Desktop\apples.exe
[2014/02/06 14:27:46 | 005,180,173 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\Machiavelli.exe
[2014/02/06 10:56:54 | 000,602,112 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\oldmantimer.exe
[2014/02/06 10:24:58 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/02/06 10:13:44 | 001,139,200 | ---- | M] (Farbar) -- C:\Documents and Settings\Administrator\Desktop\TSRF.exe
[2014/02/06 10:13:44 | 001,139,200 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\farapple.exe
[2014/02/05 12:21:48 | 001,139,200 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\FRST.exe
[2014/02/04 00:33:26 | 000,001,543 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2014/02/04 00:14:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\SBRC.dat
[2014/02/03 23:24:06 | 017,946,224 | ---- | M] (SUPERAntiSpyware) -- C:\Documents and Settings\Administrator\Desktop\SAS_634F563.EXE
[2014/02/03 23:19:16 | 001,933,048 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rkill.exe
[2014/02/03 23:09:38 | 000,602,112 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\OTL.com
[2014/02/03 23:09:24 | 000,602,112 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\OTL.scr
[2014/02/03 22:50:52 | 000,602,112 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2014/02/03 22:50:52 | 000,602,112 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\LOT.exe
[2014/02/03 16:42:52 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\9e5tusxsw1.exe
[2014/02/03 16:41:48 | 001,037,068 | ---- | M] (Thisisu) -- C:\Documents and Settings\Administrator\Desktop\JRT.exe
[2014/02/03 16:40:30 | 001,166,132 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
[2014/01/30 12:20:25 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

========== Files Created - No Company Name ==========

[2014/02/10 11:42:23 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2014/02/10 11:36:30 | 000,001,881 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\CCC.lnk
[2014/02/10 11:36:30 | 000,001,879 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2014/02/10 11:36:30 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2014/02/10 11:36:30 | 000,001,714 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk
[2014/02/10 11:36:30 | 000,001,556 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
[2014/02/10 11:36:30 | 000,000,869 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
[2014/02/10 11:36:30 | 000,000,637 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
[2014/02/06 14:50:08 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2014/02/06 14:50:08 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2014/02/06 14:50:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2014/02/06 14:50:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2014/02/06 14:50:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2014/02/06 11:09:07 | 000,602,112 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\oldmantimer.exe
[2014/02/06 10:42:01 | 001,139,200 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\farapple.exe
[2014/02/05 13:01:42 | 001,139,200 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\FRST.exe
[2014/02/04 15:02:38 | 000,602,112 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\LOT.exe
[2014/02/04 00:33:26 | 000,001,543 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2014/02/04 00:14:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat
[2014/02/03 23:49:34 | 001,933,048 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rkill.exe
[2014/02/03 23:21:21 | 000,602,112 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\OTL.com
[2014/02/03 23:21:19 | 000,602,112 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\OTL.scr
[2014/02/03 23:08:04 | 000,602,112 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2014/02/03 20:44:15 | 000,000,989 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/03 18:13:34 | 000,963,827 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Eusing Free Registry Cleaner.exe
[2014/02/03 16:57:07 | 001,166,132 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
[2014/01/30 14:44:55 | 000,094,748 | -H-- | C] () -- C:\Documents and Settings\Administrator\Q2aRNUk5.com
[2014/01/30 12:20:25 | 000,000,811 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
[2013/02/22 09:05:21 | 000,157,696 | ---- | C] () -- C:\WINDOWS\ERUNT.exe
[2010/09/26 18:35:51 | 000,094,748 | -H-- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Q2aRNUk5.exe
[2010/09/26 17:50:14 | 000,094,748 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Q2aRNUk5.exe
[2010/09/26 13:47:34 | 000,000,979 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\.wtav
[2010/09/26 08:05:14 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\6P67h76C.dat
[2007/12/03 22:15:15 | 000,003,704 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

========== ZeroAccess Check ==========

[2004/08/07 07:09:18 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/08/19 23:30:51 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2007/10/04 11:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2014/02/03 18:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Zeon
[2007/10/04 11:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.IDI\Application Data\SampleView
[2010/09/30 20:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.IDI\Application Data\Zeon
[2007/12/10 11:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2007/12/10 13:22:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2008/04/29 09:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2010/09/26 13:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2008/04/14 15:44:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2008/01/17 17:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/04/12 10:39:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2014/02/10 17:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Update
[2008/01/17 17:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zeon
[2007/10/04 11:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[2007/10/04 11:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2010/09/28 18:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jprice\Application Data\5EA97B781BC5DE402D4C9F10CAC3D91E
[2007/12/10 11:14:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jprice\Application Data\Autodesk
[2008/05/13 12:39:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jprice\Application Data\ExpensAble
[2008/04/29 09:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jprice\Application Data\HotSync
[2009/07/25 09:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jprice\Application Data\InterVideo
[2008/04/29 09:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jprice\Application Data\Leadertech
[2007/10/04 11:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jprice\Application Data\SampleView
[2008/01/21 13:11:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jprice\Application Data\ScanSoft
[2008/04/14 15:44:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jprice\Application Data\TaxCut
[2008/05/22 08:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jprice\Application Data\Windows Desktop Search
[2008/12/26 22:36:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jprice\Application Data\Windows Search
[2008/01/17 17:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jprice\Application Data\Zeon
[2008/12/04 14:04:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Zeon

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/14 05:42:14 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/14 05:42:12 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 05:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2008/04/14 05:41:52 | 000,077,824 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/14 05:41:52 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/14 05:41:52 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2008/04/14 05:41:54 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 05:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/14 05:41:54 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2008/04/14 05:42:06 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/14 05:42:10 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/14 05:41:56 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2008/04/14 05:42:24 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 05:41:54 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 05:42:18 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 05:42:18 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 05:42:02 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 11:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 05:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 07:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 05:42:04 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 05:42:04 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 06:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/14 05:42:04 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 05:42:06 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 05:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/14 05:42:12 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2008/04/14 05:42:08 | 000,096,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2008/04/14 05:42:06 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/14 05:42:08 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 05:42:06 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 05:41:58 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/14 05:42:08 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/14 05:42:08 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2008/04/14 05:42:06 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/14 05:42:40 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/14 05:41:52 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/14 05:41:56 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/14 05:42:10 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/14 05:42:30 | 000,078,848 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 05:42:10 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 06:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/14 05:41:54 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/14 05:42:12 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 00:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< %systemdrive%\*.exe >

< MD5 for: RPCSS.DLL >
[2008/04/14 05:42:06 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=2589FE6015A316C0F5D5112B4DA7B509 -- C:\WINDOWS\$NtUninstallKB956572$\rpcss.dll
[2008/04/14 05:42:06 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=2589FE6015A316C0F5D5112B4DA7B509 -- C:\WINDOWS\ServicePackFiles\i386\rpcss.dll
[2008/04/13 18:12:04 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=2589FE6015A316C0F5D5112B4DA7B509 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\rpcss.dll
[2005/01/14 02:55:50 | 000,395,776 | ---- | M] (Microsoft Corporation) MD5=419899803CA479B73B02390318C787C0 -- C:\WINDOWS\$NtUninstallKB894391$\rpcss.dll
[2004/08/04 02:00:00 | 000,395,776 | ---- | M] (Microsoft Corporation) MD5=5C83A4408604F737717AB96371201680 -- C:\WINDOWS\$NtUninstallKB873333$\rpcss.dll
[2009/02/09 06:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS\system32\dllcache\rpcss.dll
[2009/02/09 06:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS\system32\rpcss.dll
[2009/02/09 04:56:36 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=9222562D44021B988B9F9F62207FB6F2 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[2005/01/13 23:07:42 | 000,395,776 | ---- | M] (Microsoft Corporation) MD5=94456045BEB4545B5EBE1DCC85951AFA -- C:\WINDOWS\$hf_mig$\KB873333\SP2QFE\rpcss.dll
[2005/07/25 22:20:40 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=C369DF215D352B6F3A0B8C3469AA34F8 -- C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[2005/04/28 13:31:11 | 000,395,776 | ---- | M] (Microsoft Corporation) MD5=C8061F289E000703E7672916B7FE1571 -- C:\WINDOWS\$NtUninstallKB902400$\rpcss.dll
[2005/07/25 22:39:49 | 000,397,824 | ---- | M] (Microsoft Corporation) MD5=CE94A2BD25E3E9F4D46A7373FF455C6D -- C:\WINDOWS\$NtServicePackUninstall$\rpcss.dll
[2005/04/28 13:35:01 | 000,396,288 | ---- | M] (Microsoft Corporation) MD5=DA383FB39A6F1C445F3AFC94B3EB1248 -- C:\WINDOWS\$hf_mig$\KB894391\SP2QFE\rpcss.dll

< C:\program files (x86)\Google\Desktop >
[2004/08/04 02:00:00 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2004/08/07 07:19:22 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/04/18 11:09:07 | 000,000,260 | ---- | C] () -- C:\WINDOWS\Tasks\WGASetup.job
[2010/09/26 13:47:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\Tasks\Updater.job

< C:\program files\Google\Desktop >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 4734-3C75
Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
08/11/2010 02:17 AM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
08/11/2010 02:17 AM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
2 Dir(s) 29,467,295,744 bytes free

< End of report >

#57
velarie2112

    Member

  • Topic Starter
  • 106 posts
Extras Log

OTL Extras logfile created on: 2/13/2014 8:58:52 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.23 Mb Total Physical Memory | 95.80 Mb Available Physical Memory | 21.42% Memory free
1.03 Gb Paging File | 0.61 Gb Available in Paging File | 59.24% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.78 Gb Total Space | 27.44 Gb Free Space | 42.36% Space Free | Partition Type: NTFS
Drive E: | 9.74 Gb Total Space | 9.48 Gb Free Space | 97.32% Space Free | Partition Type: NTFS
Drive F: | 3.61 Gb Total Space | 3.60 Gb Free Space | 99.83% Space Free | Partition Type: FAT32

Computer Name: JPRICELAP | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\WINDOWS\system32\mstsc.exe" = C:\WINDOWS\system32\mstsc.exe:*:Disabled:Remote Desktop Connection -- (Microsoft Corporation)
"D:\setup\HPZnet01.exe" = D:\setup\HPZnet01.exe:*:Enabled:Install Consumer Experience Network Plug in
"C:\WINDOWS\system32\hphmon06.exe" = C:\WINDOWS\system32\hphmon06.exe:*:Disabled:HPHmon06 -- (Hewlett-Packard)
"C:\TEMP\photosmart6.2\enu\net\setup\HPZnet01.exe" = C:\TEMP\photosmart6.2\enu\net\setup\HPZnet01.exe:*:Enabled:Install Consumer Experience Network Plug in -- (Hewlett-Packard)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\EXCEL.EXE" = C:\Program Files\Microsoft Office\Office12\EXCEL.EXE:*:Disabled:Microsoft Office Excel -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler -- ()
"C:\WINDOWS\system32\mstsc.exe" = C:\WINDOWS\system32\mstsc.exe:*:Enabled:Remote Desktop Connection -- (Microsoft Corporation)
"C:\WINDOWS\system32\hphmon06.exe" = C:\WINDOWS\system32\hphmon06.exe:*:Disabled:HPHmon06 -- (Hewlett-Packard)
"C:\Program Files\Microsoft Office\Office12\MSPUB.EXE" = C:\Program Files\Microsoft Office\Office12\MSPUB.EXE:*:Enabled:Microsoft Office Publisher -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01B93B3A-283F-411B-A648-69CABCACC986}" = Canon MF Drivers
"{02892741-0201-BCB5-C2EC-1ACC90606E0A}" = Catalyst Control Center Localization Dutch
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07DEF940-7355-50C9-298F-38E8CE0EBDCA}" = Catalyst Control Center Graphics Light
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08AE3CD6-E065-37AA-D2B3-07051D45286F}" = CCC Help Russian
"{09258F12-48E7-B18E-C414-1F48C215685F}" = ccc-core-static
"{0B7BBC67-FFB4-3743-E3F8-03D1AF729B70}" = Catalyst Control Center Graphics Full New
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{1293BBC6-2E1F-995B-4229-1ADA86E747D2}" = Catalyst Control Center Localization French
"{15B3667C-3468-4B03-8CC1-0EE41AD589F3}" = PSPrinters06
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1EDE8D45-7214-D099-53E7-749C1997329E}" = Catalyst Control Center Localization Chinese Standard
"{1F40F8F1-B4BC-4A5B-B1A6-363FBDD30F0C}" = eDrawings 2008
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{272A7F68-5DB1-0929-8FBF-B458D450FE14}" = Catalyst Control Center Localization Japanese
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{2FBAC41E-9400-9975-78F4-B4EFBE1FD8E2}" = Catalyst Control Center Localization German
"{3110F6EA-EE42-C9C0-A177-860D75EDE636}" = Catalyst Control Center Localization Korean
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 F2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD
"{3F92730A-794E-01FC-4EBC-766F4DCE5D67}" = CCC Help English
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager Installer
"{426C7CC1-5AC3-4758-A40C-6446F2CEA8C9}" = ccc-Branding
"{429E92A4-159F-4AEC-85A1-D693E1E4274D}" = HP 3D DriveGuard
"{435D2D09-D775-FDA4-2610-EE044A8270E8}" = CCC Help Italian
"{46B63F23-2B4A-4525-A827-688026BE5E40}" = Symantec AntiVirus
"{47471E78-EFA2-D9A2-7D01-5B0D3931D140}" = CCC Help Hungarian
"{47F97CE9-9EB2-40B1-B794-7EB77DF909C0}" = ScanSoft PDF Create! 4
"{4DBB9521-29F6-CE3D-FFE1-ADA665A0FB38}" = Catalyst Control Center Localization Chinese Traditional
"{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour
"{53388D9F-0B31-B16D-2591-431837C84F8B}" = Catalyst Control Center Localization Finnish
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{541BFB68-41E7-1FB7-9718-27C46ED7B754}" = Catalyst Control Center Localization Portuguese
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{572B04AD-8812-ABDD-E78D-761D413F8D53}" = Catalyst Control Center Localization Norwegian
"{5783F2D7-0209-0409-0000-0060B0CE6BBA}" = AutoCAD LT 2004
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6A1E7380-BE8C-A1F8-B94F-1D79A4C28985}" = CCC Help Japanese
"{6BE58A52-CB03-E69E-FE6A-5E500C2A6D05}" = CCC Help Chinese Traditional
"{6CE339FE-4FCB-CBCC-704C-092A044FA724}" = CCC Help Chinese Standard
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{70465DF9-5077-73E9-81F8-B7955DF74130}" = CCC Help Czech
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B14
"{71D74FCD-8DB9-4BEB-9C9D-1D19F2E02AE3}" = Microsoft Report Viewer Redistributable 2005
"{73B591D7-32EF-9C1A-E2A9-D119390CBEF3}" = CCC Help German
"{7669846A-8FE4-55CC-D2FD-7D8FB015450E}" = CCC Help Swedish
"{778AA054-858E-3997-AA10-F9B378AB1DEF}" = Catalyst Control Center Localization Russian
"{795B33DF-67F6-48FB-A730-7B9A6AE35E8D}" = PS8700
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7FD8231E-3991-48D7-A2C8-2C42A7075FB1}" = HP User Guide Bluetooth Addendum 0062
"{81242661-5588-E2AC-65FF-06CEF7527D61}" = Catalyst Control Center Localization Polish
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = HP Integrated Module with Bluetooth wireless technology
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8E9C9687-4EA2-9459-DE69-4CE1414DB265}" = Catalyst Control Center Localization Hungarian
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90500409-6D54-11D4-BEE3-00C04F990354}" = Microsoft Visio Professional 2002 [English]
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{93A94664-6CB9-54E2-D2E2-0FC894F457CD}" = CCC Help Dutch
"{941E6A4B-0B43-0875-2024-4F1A0FCE9293}" = CCC Help Danish
"{9A80B505-F97E-7813-A7DA-594CC6E20448}" = Catalyst Control Center Graphics Full Existing
"{9FB73888-C6F3-7687-DEA1-66AFAE237A7D}" = CCC Help Norwegian
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB105D15-5224-890B-7B28-1A4086C09F47}" = Catalyst Control Center Localization Greek
"{AB232CC2-7F49-2F07-8979-EF16498603BF}" = Catalyst Control Center Localization Swedish
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B0F9497C-52B4-4686-8E73-74D866BBDF59}" = Microsoft SQL Server 2005 (PROPHETSQL)
"{B2CA73C1-2247-4000-9F52-6732C1610B18}_is1" = SMC InfiniLink 2007.1213
"{B84C847D-F708-EFC4-A7F4-16C0A407B0C3}" = CCC Help French
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{BA2D9411-DBB4-43e4-9421-780413650A67}" = Photosmart 320,370,7400,8100,8400,8700 Series
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BE41F3D2-FC73-4C3E-A2C2-5D2B08A5B2D0}" = Credential Manager for HP ProtectTools
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4F9000B-677C-DBE0-8213-C47E04F098C1}" = Catalyst Control Center Core Implementation
"{C74D0FA0-1D49-464F-A707-B427EE3385C1}" = HP BIOS Configuration for ProtectTools
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C9EA192F-AEC6-18B1-D641-8ADF9F892260}" = CCC Help Turkish
"{CA9A3609-3ECC-4574-8824-A8161A71A603}" = Canon MP150
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB8CDB72-8323-E26C-1FCB-C5497EA451A6}" = Catalyst Control Center Localization Spanish
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2D52856-B412-9CEE-C10D-BA5C6F2DDD6E}" = Catalyst Control Center Localization Danish
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom NetXtreme Ethernet Controller
"{D3F2542C-0962-1313-CA4F-942E37889349}" = Catalyst Control Center Localization Czech
"{D97215A1-196F-E4BA-B531-4E1AF9393E69}" = ccc-utility
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DC5437E1-6C27-E514-5DD3-CDB9E516AF16}" = Catalyst Control Center Localization Thai
"{DC8CF830-12C4-2AFF-1DB6-09A47CEBFEAB}" = Catalyst Control Center Localization Italian
"{E1201237-AE20-F128-DA8E-47859AE55889}" = CCC Help Finnish
"{E25AA53F-6878-4C64-8130-EB8D678DF303}" = HP User Guides 0064
"{E434580A-2D4A-4433-A81E-4BCAE86AD148}" = palmOne
"{E574C0AC-550B-68A4-4D89-B1940C536229}" = CCC Help Polish
"{E6451EF8-8ACB-7640-2DE3-AEF23DF02BFA}" = CCC Help Thai
"{E9339644-F92D-96C5-7AB7-384818825698}" = Catalyst Control Center Localization Turkish
"{EE52FA1D-A4F9-02A5-5C4A-00B1D15CCF26}" = CCC Help Portuguese
"{EE9D54F6-EA22-6160-9C4F-45331E9104B6}" = CCC Help Greek
"{EEA1220D-9772-F11B-0110-AA5680DCEEDE}" = CCC Help Korean
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F9A859AB-09BC-F1B4-83C1-F70C462AD066}" = CCC Help Spanish
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Illustrator 8.0" = Adobe Illustrator 8.0
"Adobe Photoshop v4.0" = Adobe Photoshop v4.0
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"ATI Display Driver" = ATI Display Driver
"Autodesk Express Viewer" = Autodesk Express Viewer
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"HP Deskjet 3740 Series_Driver" = HP Deskjet 3740 Series
"HP Photo & Imaging" = HP Image Zone 4.7
"HP Photosmart 8700 Series_Driver" = HP Photosmart 8700 Series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROHYBRIDR" = 2007 Microsoft Office system
"PROPLUS" = Microsoft Office Professional Plus 2007
"QwikQuote 6.0 Node" = QwikQuote 6.0 Node
"RealVNC_is1" = VNC Enterprise Edition E4.3-K1
"SS4" = Microsoft Visual SourceSafe V5.0
"ST6UNST #1" = SIM Recovery Pro v1.2.2
"ST6UNST #2" = KRW's Periodic Table Software (2002-02-25)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Virtual Pool 3 Preview" = Virtual Pool 3 Preview
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/10/2014 6:42:59 PM | Computer Name = JPRICELAP | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2/10/2014 6:43:01 PM | Computer Name = JPRICELAP | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 2/10/2014 6:47:03 PM | Computer Name = JPRICELAP | Source = Application Error | ID = 1000
Description = Faulting application scheduler .exe, version 1.0.6.7, faulting module
oleaut32.dll, version 5.1.2600.5512, fault address 0x00004ee9.

Error - 2/10/2014 7:16:39 PM | Computer Name = JPRICELAP | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2/10/2014 7:16:41 PM | Computer Name = JPRICELAP | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 2/13/2014 10:48:05 AM | Computer Name = JPRICELAP | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2/13/2014 10:48:06 AM | Computer Name = JPRICELAP | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 2/13/2014 10:49:28 AM | Computer Name = JPRICELAP | Source = MSSQL$PROPHETSQL | ID = 17207
Description = FCB::Open: Operating system error 32(The process cannot access the
file because it is being used by another process.) occurred while creating or opening
file 'C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\mastlog.ldf'. Diagnose
and correct the operating system error, and retry the operation.

Error - 2/13/2014 10:49:28 AM | Computer Name = JPRICELAP | Source = MSSQL$PROPHETSQL | ID = 17204
Description = FCB::Open failed: Could not open file C:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\DATA\mastlog.ldf for file number 2. OS error: 32(The process
cannot access the file because it is being used by another process.).

Error - 2/13/2014 10:53:09 AM | Computer Name = JPRICELAP | Source = Application Error | ID = 1000
Description = Faulting application scheduler .exe, version 1.0.6.7, faulting module
oleaut32.dll, version 5.1.2600.5512, fault address 0x00004ee9.

[ OSession Events ]
Error - 2/5/2008 1:06:36 AM | Computer Name = JPRICELAP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6024.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 6484
seconds with 1920 seconds of active time. This session ended with a crash.

Error - 2/11/2008 10:55:52 AM | Computer Name = JPRICELAP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6024.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 413
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/19/2008 10:00:38 PM | Computer Name = JPRICELAP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
12.0.6023.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 2866
seconds with 1020 seconds of active time. This session ended with a crash.

Error - 4/30/2008 4:00:34 PM | Computer Name = JPRICELAP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 17125
seconds with 1020 seconds of active time. This session ended with a crash.

Error - 4/30/2008 4:16:53 PM | Computer Name = JPRICELAP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 954
seconds with 720 seconds of active time. This session ended with a crash.

Error - 5/1/2008 12:08:31 AM | Computer Name = JPRICELAP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4521
seconds with 600 seconds of active time. This session ended with a crash.

Error - 12/11/2008 5:11:42 PM | Computer Name = JPRICELAP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 11570
seconds with 1020 seconds of active time. This session ended with a crash.

Error - 4/13/2009 4:30:44 PM | Computer Name = JPRICELAP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 610
seconds with 480 seconds of active time. This session ended with a crash.

Error - 4/13/2009 4:44:13 PM | Computer Name = JPRICELAP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 792
seconds with 780 seconds of active time. This session ended with a crash.

Error - 12/29/2009 5:26:59 PM | Computer Name = JPRICELAP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12574
seconds with 1500 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/13/2014 10:54:06 AM | Computer Name = JPRICELAP | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 2/13/2014 10:54:06 AM | Computer Name = JPRICELAP | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 2/13/2014 10:54:06 AM | Computer Name = JPRICELAP | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 2/13/2014 10:54:06 AM | Computer Name = JPRICELAP | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 2/13/2014 10:54:06 AM | Computer Name = JPRICELAP | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 2/13/2014 10:56:29 AM | Computer Name = JPRICELAP | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 2/13/2014 10:56:29 AM | Computer Name = JPRICELAP | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 2/13/2014 10:57:47 AM | Computer Name = JPRICELAP | Source = DCOM | ID = 10005
Description = DCOM got error "%5" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 2/13/2014 10:57:47 AM | Computer Name = JPRICELAP | Source = Service Control Manager | ID = 7000
Description = The Windows Installer service failed to start due to the following
error: %%5

Error - 2/13/2014 11:01:06 AM | Computer Name = JPRICELAP | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding


< End of report >

#58
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

Thanks for your assistance.

You're welcome!

I can't really tell you how the computer is running. It is only on when I'm completing GTG instructions. It is booting about the same. Normal hardware and application errors. I noticed on the last boot I didn't get the DLL error. No malicious pop ups anymore.

Acknowledged, probably be prudent to continue limiting online access until I advise otherwise.

Is the subscription still active for the presently installed Symantec AntiVirus?

Next:

Now I have a fair few tasks for your good self to complete below, just take your time and all should go well.

Re-scan with aswMBR:

  • Double-click on aswMBR.exe to start the program.
  • Now click on the Scan button to start scan.
  • On completion of the scan click the FIX button. (Do not use the "Fix MBR" button.)
  • When the FIX process has completed, please reboot your machine if not prompted to.
  • After your machine has rebooted, double-click on aswMBR.exe to start the program.
  • Then click on the Scan button to start scan.
  • On completion of the scan click on Save Log, save it to your desktop and post the contents in your next reply.

ESET ServicesRepair:

Please download ServicesRepair to the desktop.

  • Double click on ServicesRepair.exe to start the program >> Yes
  • Reboot your computer at the prompt.

Note: there will now be a folder named CC Support on the desktop, do not delete this until I give the all clear.

Custom OTL Script:

  • Double-click OTL.exe to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:Commands
[CreateRestorePoint]

:OTL
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2700236382-4009610293-4285289237-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...d=smb&pf=laptop
IE - HKU\S-1-5-21-2700236382-4009610293-4285289237-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...d=smb&pf=laptop
IE - HKU\S-1-5-21-2700236382-4009610293-4285289237-500\..\SearchScopes,DefaultScope = 
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [HPHUPD06] C:\Program Files\Hewlett-Packard\{BA2D9411-DBB4-43e4-9421-780413650A67}\hphupd06.exe File not found
O4 - HKLM..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe" File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe" File not found
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe File not found
O4 - HKLM..\Run: [yxxa .exe] "C:\DOCUME~1\jprice\LOCALS~1\Temp\yxxa .exe" File not found
O4 - HKLM..\Run: [yxxa .exe] "C:\DOCUME~1\jprice\LOCALS~1\Temp\yxxa .exe" File not found
O4 - HKLM..\Run: [yxxa .exe] "C:\DOCUME~1\jprice\LOCALS~1\Temp\yxxa .exe" File not found
O4 - HKLM..\Run: [yxxa .exe] "C:\DOCUME~1\jprice\LOCALS~1\Temp\yxxa .exe" File not found
O4 - HKU\.DEFAULT..\RunOnce: [TSClientAXDisabler] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [TSClientMSIUninstaller] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [TSClientAXDisabler] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [TSClientMSIUninstaller] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = File not found
O4 - Startup: C:\Documents and Settings\jprice\Start Menu\Programs\Startup\palmOne Registration.lnk = File not found
O15 - HKLM\..Trusted Domains: fastestdeploy.com ([]http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: download-soft-package.com ([]http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: download-software-package.com ([]http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: fastestdeploy.com ([]http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: get-key-se10.com ([]http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: is-software-download.com ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: download-soft-package.com ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: download-software-package.com ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: fastestdeploy.com ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: get-key-se10.com ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: is-software-download.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2700236382-4009610293-4285289237-500\..Trusted Domains: fastestdeploy.com ([]http in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
[2010/09/26 17:50:14 | 000,094,748 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Q2aRNUk5.exe
[2010/09/26 13:47:34 | 000,000,979 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\.wtav
[2010/09/26 08:05:14 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\6P67h76C.dat

:Files
ipconfig /release /c
ipconfig /renew /c
ipconfig /flushdns /c
netsh winsock reset all /c
netsh int ip reset all /c

:Commands
[EmptyTemp]
  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. If not, reboot manually and the report should appear in Notepad after the reboot.

Note: The log-file can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Malwarebytes Anti-Malware:

  • Launch the application, Check for Updates >> Perform quick scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Re-scan with FSS:

  • Double-click on FSS.exe to start the program.
  • Select all available options.
  • Then click on the Scan tab.
  • When the scan is complete, it will produce a log named FSS.txt.
  • Post the contents in your next reply.

Next:

When you have completed the above, please post back the following in the order asked for:

  • Answer to my Symantec AntiVirus subscription query.
  • New aswMBR Log.
  • OTL Log from the Custom Script.
  • Malwarebytes Anti-Malware Log.
  • New Farbar Service Scanner Log.


#59
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.