Can't run Malwarebytes
Started by
, Nov 30 2011 10:03 PM
Posted 30 November 2011 - 10:03 PM
Posted 03 December 2011 - 08:36 AM
Hello, psu88!
I'm Nedklaw and I'll be glad to help you with your malware issues.
I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.
These instructions are specifically designed for psu88 only. No one else should follow these instructions because it can cause serious damage to your computer.
Before we start to clean your computer of malware, please read through the following points to help me and you, and prevent damage to your computer:
Step 1
Download OTL to your Desktop.
Step 2
Download aswMBR.exe (1.8mb) to your desktop.
Double click aswMBR.exe to run it.
Click the "Scan" button to start the scan.
On completion of the scan click save log, save it to your desktop and post it in your next reply.
Step 3
Things I want to see in your next reply
I'm Nedklaw and I'll be glad to help you with your malware issues.
I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.
These instructions are specifically designed for psu88 only. No one else should follow these instructions because it can cause serious damage to your computer.
Before we start to clean your computer of malware, please read through the following points to help me and you, and prevent damage to your computer:
- Please completely read through all of the instructions given to you before attempting to follow them. Reading too lightly will cause you to miss important steps, which could have DESTRUCTIVE effects. If you can't perform a certain step or you are unsure about what to do, let me know!
- Don't be afraid to ask questions! If you are unsure about anything, ask me! No question is considered stupid here!
- Be patient with me, logs can take some time to research and my life can mean that I'm busy.
- Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.
- If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
- NEVER fix anything in OTL or other programs on your own! This can be very dangerous and cause harm to your system.
- Refrain from running any other tools apart from the ones I tell you to.
Step 1
Download OTL to your Desktop.
- Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
- Select Scan All Users.
- Under the Custom Scan box paste this in:
netsvcs %SYSTEMDRIVE%\*.exe %USERPROFILE%\..|smtmp;true;true;true /FP /md5start explorer.exe winlogon.exe Userinit.exe svchost.exe /md5stop %systemroot%\*. /mp /s hklm\software\clients\startmenuinternet|command /rs hklm\software\clients\startmenuinternet|command /64 /rs C:\Windows\assembly\tmp\U\*.* /s CREATERESTOREPOINT
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.
Step 2
Download aswMBR.exe (1.8mb) to your desktop.
Double click aswMBR.exe to run it.
Click the "Scan" button to start the scan.
On completion of the scan click save log, save it to your desktop and post it in your next reply.
Step 3
- Click on the Start button and then choose Control Panel.
- Click on the System and Security link.
Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link so just click on the Administrative Tools icon and skip to Step 4.
- In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
- In the Administrative Tools window, double-click on the Computer Management icon.
- When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.
After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.
Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.
Things I want to see in your next reply
- OTL.txt
- Extras.txt
- aswMBR.txt
- A screenshot of the Disk Management Window
Posted 03 December 2011 - 06:27 PM
Problems with everything so far.
When i try to run OTL or aswMBR I get the dialog box that says "Vista Security 2012 has blocked a program from accessing the internet"
Then it says that OTL.exe is infected with Trojan-BNK.WIN32.Keylogger.gen and it will not let the program run.
It will not let me do a screen shot. When I go into Control Panel - Administrative Tools, it says the folder is empty
When i try to run OTL or aswMBR I get the dialog box that says "Vista Security 2012 has blocked a program from accessing the internet"
Then it says that OTL.exe is infected with Trojan-BNK.WIN32.Keylogger.gen and it will not let the program run.
It will not let me do a screen shot. When I go into Control Panel - Administrative Tools, it says the folder is empty
Posted 04 December 2011 - 11:45 AM
Lets try a different approach.
Step 1
Download RogueKiller to your desktop
Step 2
Quit all running programs and run RogueKiller once again.
Please post the contents of the RKreport[1].txt in your next reply.
Step 3
Download OTL to your Desktop.
Rename it to psu88.
Step 4
Download aswMBR.exe (1.8mb) to your desktop.
Rename it to Nedklaw.
Double click Nedklaw.exe to run it.
Click the "Scan" button to start the scan.
On completion of the scan click save log, save it to your desktop and post it in your next reply.
Step 5
Follow the instructions here to restore the Administrative Tools folder.
Step 6
Things I want to see in your next reply
Lets try a different approach.
Step 1
Download RogueKiller to your desktop
- Quit all running programs
- For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe.
- When prompted, type 2 and validate.
- The RKreport.txt shall be generated next to the executable.
- If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe.
Step 2
Quit all running programs and run RogueKiller once again.
- For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe.
- When prompted, type 6 and validate.
- The RKreport[1].txt shall be generated next to the executable.
- If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe.
Please post the contents of the RKreport[1].txt in your next reply.
Step 3
Download OTL to your Desktop.
Rename it to psu88.
- Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
- Select Scan All Users.
- Under the Custom Scan box paste this in:
netsvcs %SYSTEMDRIVE%\*.exe /md5start explorer.exe winlogon.exe Userinit.exe svchost.exe /md5stop hklm\software\clients\startmenuinternet|command /rs hklm\software\clients\startmenuinternet|command /64 /rs %Temp%\smtmp\1\*.* %Temp%\smtmp\2\*.* %Temp%\smtmp\3\*.* %Temp%\smtmp\4\*.* C:\Windows\assembly\tmp\U\*.* /s CREATERESTOREPOINT
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.
Step 4
Download aswMBR.exe (1.8mb) to your desktop.
Rename it to Nedklaw.
Double click Nedklaw.exe to run it.
Click the "Scan" button to start the scan.
On completion of the scan click save log, save it to your desktop and post it in your next reply.
Step 5
Follow the instructions here to restore the Administrative Tools folder.
Step 6
- Click on the Start button and then choose Control Panel.
- Click on the System and Security link.
Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link so just click on the Administrative Tools icon and skip to Step 4.
- In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
- In the Administrative Tools window, double-click on the Computer Management icon.
- When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.
After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.
Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.
Things I want to see in your next reply
- RKreport.txt
- RKreport[1].txt
- OTL.txt
- Extras.txt
- aswMBR.txt
- A screenshot of the Disk Management Window
Posted 04 December 2011 - 07:09 PM
Wow - what a difference the RogueKiller made.
First RKreport:
RogueKiller V6.1.12 [12/02/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Operating System: Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Safe mode with network support
User: Judi [Admin rights]
Mode: Remove -- Date : 12/04/2011 14:12:03
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 8 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> NOT REMOVED, USE PROXYFIX
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[FILE ASSO] HKCU\Software\Classes\.exe\shell\open\command : ("C:\Users\Judi\AppData\Local\ugd.exe" -a "%1" %*) -> REPLACED ("%1" %*)
[FILE ASSO] HKCU\Software\Classes\exefile\shell\open\command : ("C:\Users\Judi\AppData\Local\ugd.exe" -a "%1" %*) -> REPLACED ("%1" %*)
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command : ("C:\Users\Judi\AppData\Local\ugd.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") -> REPLACED ("C:\Program Files\mozilla firefox\firefox.exe")
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command : ("C:\Users\Judi\AppData\Local\ugd.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) -> REPLACED ("C:\Program Files\mozilla firefox\firefox.exe" -safe-mode)
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command : ("C:\Users\Judi\AppData\Local\ugd.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") -> REPLACED ("C:\Program Files\internet explorer\iexplore.exe")
¤¤¤ Particular Files / Folders: ¤¤¤
[FOLDER] plugs : c:\users\judi\appdata\roaming\adobe\plugs --> REMOVED
[FOLDER] shed : c:\users\judi\appdata\roaming\adobe\shed --> REMOVED
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : Rogue.AntiSpy-AH ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
Finished : << RKreport[1].txt >>
Second RKreport:
RogueKiller V6.1.12 [12/02/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Operating System: Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Safe mode with network support
User: Judi [Admin rights]
Mode: Shortcuts HJfix -- Date : 12/04/2011 14:20:03
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 215 / Fail 0
Quick launch: Success 13 / Fail 0
Programs: Success 5948 / Fail 1
Start menu: Success 131 / Fail 0
User folder: Success 16830 / Fail 0
My documents: Success 240 / Fail 0
My favorites: Success 66 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 918 / Fail 0
My videos: Success 8 / Fail 0
Local drives: Success 18921 / Fail 0
Backup: [FOUND] Success 335 / Fail 19
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
¤¤¤ Infection : Rogue.FakeHDD ¤¤¤
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
OTL logfile created on: 12/4/2011 2:39:17 PM - Run 1
OTL by OldTimer - Version Folder = C:\Users\Judi\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1013.27 Mb Total Physical Memory | 260.67 Mb Available Physical Memory | 25.73% Memory free
2.24 Gb Paging File | 1.39 Gb Available in Paging File | 62.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.60 Gb Total Space | 54.27 Gb Free Space | 39.44% Space Free | Partition Type: NTFS
Drive D: | 11.44 Gb Total Space | 1.98 Gb Free Space | 17.30% Space Free | Partition Type: NTFS
Computer Name: JUDI-PC | User Name: Judi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/12/03 19:14:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Judi\Desktop\OTL(1).exe
PRC - [2011/10/26 09:34:11 | 000,116,608 | ---- | M] ( -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/10/26 09:34:06 | 004,615,552 | ---- | M] ( -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/20 21:24:29 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PING.EXE
========== Modules (No Company Name) ==========
MOD - [2011/12/04 14:33:05 | 000,063,488 | ---- | M] () -- C:\ProgramData\\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/12/04 14:33:05 | 000,052,736 | ---- | M] () -- C:\ProgramData\\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/11/30 21:51:58 | 000,117,760 | ---- | M] () -- C:\ProgramData\\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/11/30 21:51:58 | 000,052,224 | ---- | M] () -- C:\ProgramData\\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/12/12 15:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
========== Win32 Services (SafeList) ==========
SRV - [2011/10/26 09:34:11 | 000,116,608 | ---- | M] ( [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/03/17 15:45:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/08/24 04:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/01/17 20:00:19 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2009/02/18 16:26:52 | 000,078,104 | ---- | M] (iWin Inc.) [Auto | Stopped] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/10/03 17:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/03/05 11:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
========== Driver Services (SafeList) ==========
DRV - [2011/08/31 16:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/14 17:59:44 | 000,067,664 | ---- | M] ( and [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/14 17:59:43 | 000,012,880 | ---- | M] ( and [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/04/14 09:24:14 | 000,075,264 | ---- | M] () [File_System | Unknown | Running] -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC)
DRV - [2010/12/04 18:59:17 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Normandy.sys -- (Normandy)
DRV - [2010/03/10 12:26:32 | 000,012,872 | ---- | M] ( and [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/02/27 05:26:04 | 000,201,728 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/20 21:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2007/10/11 06:17:56 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/07/10 09:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/25 06:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/05/30 17:40:42 | 000,735,232 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/04/23 16:51:08 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/11/02 02:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/06/28 11:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...sario&pf=laptop
IE - HKLM\..\URLSearchHook: {00bf7b9c-acd2-4080-bea8-b1c41987070f} - C:\Program Files\TranslatorBar_1\tbTran.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-190886887-1494488958-1657312369-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-190886887-1494488958-1657312369-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-190886887-1494488958-1657312369-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-190886887-1494488958-1657312369-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - "Search the Web"
FF - true
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:
FF - prefs.js..extensions.enabledItems: {afe43e80-0abc-4df2-81a0-3fe44b74abe8}:1.300.346
FF - prefs.js..extensions.enabledItems: {59610025-BFA6-40AC-A478-50D98AD533ED}:1.9.1
FF - prefs.js..extensions.enabledItems: ChoiceGuard@Microsoft:2.0
FF - 4
FF - HKLM\Software\MozillaPlugins\ C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\ C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\,version=: File not found
FF - HKLM\Software\MozillaPlugins\,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\ Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\ C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\ C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\,version=2.0: C:\Program Files\Photosynth\npPhotosynthMozilla.dll ()
FF - HKLM\Software\MozillaPlugins\,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\,version=4.0: C:\Program Files\Virtual Earth 3D\ [2011/07/18 04:24:06 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\ C:\Program Files\Common Files\Oberon Media\NCAdapter\\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\ Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\ Update;version=3: C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\ Update;version=9: C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\ C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version= C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/15 18:43:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0847}: C:\ProgramData\iWin Games\firefox [2010/06/22 16:16:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/11 21:18:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/31 11:39:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/15 18:43:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{59610025-BFA6-40AC-A478-50D98AD533ED}: C:\Users\Judi\AppData\Local\{59610025-BFA6-40AC-A478-50D98AD533ED}\ [2011/05/26 11:00:08 | 000,000,000 | ---D | M]
[2010/10/29 09:39:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Judi\AppData\Roaming\Mozilla\Extensions
[2010/10/29 09:39:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Judi\AppData\Roaming\Mozilla\Extensions\[email protected]
[2009/09/22 22:33:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Judi\AppData\Roaming\Mozilla\Firefox\extensions
[2010/11/29 01:18:18 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Judi\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2011/11/04 09:41:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Judi\AppData\Roaming\Mozilla\Firefox\Profiles\2nawkxyv.default\extensions
[2010/11/29 01:18:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Judi\AppData\Roaming\Mozilla\Firefox\Profiles\2nawkxyv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/18 04:35:13 | 000,000,000 | ---D | M] (Microsoft Choice Guard) -- C:\Users\Judi\AppData\Roaming\Mozilla\Firefox\Profiles\2nawkxyv.default\extensions\ChoiceGuard@Microsoft
[2011/10/25 09:21:40 | 000,000,000 | ---D | M] (Oberon GamesBar) -- C:\Users\Judi\AppData\Roaming\Mozilla\Firefox\Profiles\2nawkxyv.default\extensions\[email protected]
[2011/11/11 21:18:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/26 11:00:08 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\JUDI\APPDATA\LOCAL\{59610025-BFA6-40AC-A478-50D98AD533ED}
[2011/11/11 21:17:59 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/12/21 22:17:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/12/09 04:58:24 | 000,274,432 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/08/30 14:41:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/11/25 12:09:47 | 000,002,064 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bingober248823419.xml
[2011/01/18 22:01:25 | 000,002,064 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bingober31269246.xml
[2011/06/07 18:13:08 | 000,002,064 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bingober56812990.xml
[2011/11/11 21:18:00 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.122\pdf.dll
CHR - plugin: Google Gears (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.122\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.122\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Platform SE 6 U15 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: EModel scriptable Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npEModelPlugin.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\\npGoogleOneClick8.dll
CHR - plugin: Photosynth (Enabled) = C:\Program Files\Photosynth\npPhotosynthMozilla.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
Hosts file not found
O2 - BHO: (TranslatorBar 1 Toolbar) - {00bf7b9c-acd2-4080-bea8-b1c41987070f} - C:\Program Files\TranslatorBar_1\tbTran.dll (Conduit Ltd.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (GamesBarBHO Class) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files\GamesBar\\oberontb.dll (Oberon Media Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (TranslatorBar 1 Toolbar) - {00bf7b9c-acd2-4080-bea8-b1c41987070f} - C:\Program Files\TranslatorBar_1\tbTran.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (
O3 - HKLM\..\Toolbar: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\\oberontb.dll (Oberon Media Ltd.)
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-190886887-1494488958-1657312369-1000\..\Toolbar\WebBrowser: (TranslatorBar 1 Toolbar) - {00BF7B9C-ACD2-4080-BEA8-B1C41987070F} - C:\Program Files\TranslatorBar_1\tbTran.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-190886887-1494488958-1657312369-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (
O3 - HKU\S-1-5-21-190886887-1494488958-1657312369-1000\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [SBC_McciTrayApp] C:\Program Files\SBC\update\SST.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [Seagull Drivers] C:\Windows\ssdal_nc.exe ()
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-190886887-1494488958-1657312369-1000..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-190886887-1494488958-1657312369-1000..\Run: [SearchEngineProtection] C:\Program Files\GamesBar\SearchEngineProtection.exe (Oberon Media )
O4 - HKU\S-1-5-21-190886887-1494488958-1657312369-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-21-190886887-1494488958-1657312369-1000..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-190886887-1494488958-1657312369-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-190886887-1494488958-1657312369-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} (Reg Error: Key error.)
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} (Java Plug-in 1.6.0_23)
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} http://livenj02.cust...l/java/ (Live Collaboration)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C165FAD-FD64-44C6-BC43-B4E95A584808}: DhcpNameServer =
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/27 02:45:25 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | --S- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-190886887-1494488958-1657312369-1000..exefile [open] -- "%1" %*
O37 - HKLM\ [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-190886887-1494488958-1657312369-1000\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Error creating restore point.
========== Files/Folders - Created Within 30 Days ==========
[2011/12/04 14:30:00 | 000,000,000 | ---D | C] -- C:\Users\Judi\Desktop\files
[2011/12/04 14:29:46 | 000,000,000 | ---D | C] -- C:\Users\Judi\Desktop\shortcuts
[2011/12/04 14:13:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/12/04 14:10:57 | 000,000,000 | ---D | C] -- C:\Users\Judi\Desktop\RK_Quarantine
[2011/12/03 19:15:30 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Judi\Desktop\aswMBR(1).exe
[2011/12/03 19:14:50 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Judi\Desktop\OTL(1).exe
[2011/12/01 17:23:23 | 000,032,256 | ---- | C] (TWX Corp.) -- C:\Windows\System32\
[2011/11/30 19:40:14 | 000,297,472 | ---- | C] (Microsoft Corporation) -- C:\Users\Judi\AppData\Local\ugd.exe
[2011/11/22 21:18:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/11/04 19:27:04 | 000,000,000 | ---D | C] -- C:\Users\Judi\AppData\Local\userNetTask
[1 C:\Users\Judi\Documents\*.tmp files -> C:\Users\Judi\Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/12/04 14:12:46 | 000,111,872 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/12/04 14:08:32 | 000,001,356 | ---- | M] () -- C:\Users\Judi\AppData\Local\d3d9caps.dat
[2011/12/04 13:50:47 | 000,754,176 | ---- | M] () -- C:\Users\Judi\Desktop\RogueKiller.exe
[2011/12/04 13:42:53 | 000,010,728 | --S- | M] () -- C:\Users\Judi\AppData\Local\hlpfte0f0hwv6uin8hej0m504y3u
[2011/12/04 13:42:53 | 000,010,728 | --S- | M] () -- C:\ProgramData\hlpfte0f0hwv6uin8hej0m504y3u
[2011/12/03 19:16:00 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Judi\Desktop\aswMBR(1).exe
[2011/12/03 19:14:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Judi\Desktop\OTL(1).exe
[2011/12/03 18:36:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/01 17:37:35 | 000,000,112 | ---- | M] () -- C:\ProgramData\s831KJO25.dat
[2011/12/01 17:32:26 | 000,000,000 | ---- | M] () -- C:\ProgramData\ahY2dAji.exe.b
[2011/12/01 17:31:58 | 000,116,224 | ---- | M] () -- C:\ProgramData\ahY2dAji.exe
[2011/12/01 17:23:13 | 000,032,256 | ---- | M] (TWX Corp.) -- C:\Windows\System32\
[2011/11/30 22:26:30 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/11/30 22:25:40 | 000,645,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/30 22:25:40 | 000,120,908 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/30 22:19:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/11/30 22:12:19 | 000,000,279 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/11/30 22:10:10 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/30 22:09:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/30 22:09:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/30 20:07:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/29 22:06:26 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{15C0AF03-2699-4957-AF16-890EE2110E3F}.job
[2011/11/22 19:46:24 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJudi.job
[1 C:\Users\Judi\Documents\*.tmp files -> C:\Users\Judi\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/12/04 14:13:12 | 000,002,048 | ---- | C] () -- C:\Users\Judi\Application Data\Microsoft\Internet Explorer\Quick Launch\SolidWorks eDrawings 2010.lnk
[2011/12/04 14:13:12 | 000,001,719 | ---- | C] () -- C:\Users\Judi\Application Data\Microsoft\Internet Explorer\Quick Launch\Play iWin Games.lnk
[2011/12/04 14:13:12 | 000,000,938 | ---- | C] () -- C:\Users\Judi\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/12/04 14:13:12 | 000,000,923 | ---- | C] () -- C:\Users\Judi\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2011/12/04 14:13:12 | 000,000,902 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/04 14:13:12 | 000,000,258 | ---- | C] () -- C:\Users\Judi\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/12/04 14:13:12 | 000,000,240 | ---- | C] () -- C:\Users\Judi\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/12/04 14:13:11 | 000,002,619 | ---- | C] () -- C:\Users\Judi\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook 2010.lnk
[2011/12/04 14:13:11 | 000,001,955 | ---- | C] () -- C:\Users\Judi\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/04 14:13:11 | 000,001,950 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Photo Gallery.lnk
[2011/12/04 14:13:11 | 000,001,852 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Collaboration.lnk
[2011/12/04 14:13:11 | 000,001,803 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/12/04 14:13:11 | 000,001,770 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Calendar.lnk
[2011/12/04 14:13:11 | 000,001,768 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker.lnk
[2011/12/04 14:13:11 | 000,001,757 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Defender.lnk
[2011/12/04 14:13:11 | 000,001,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011/12/04 14:13:11 | 000,001,720 | ---- | C] () -- C:\Users\Judi\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/12/04 14:13:11 | 000,001,703 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Contacts.lnk
[2011/12/04 14:13:11 | 000,001,034 | ---- | C] () -- C:\Users\Judi\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.5.lnk
[2011/12/04 14:13:11 | 000,000,943 | ---- | C] () -- C:\Users\Judi\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/04 14:13:11 | 000,000,936 | ---- | C] () -- C:\Users\Judi\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2011/12/04 14:13:11 | 000,000,604 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live.lnk
[2011/12/04 14:13:09 | 000,001,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/12/04 14:13:09 | 000,001,876 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2011/12/04 14:13:09 | 000,001,866 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Reminder.lnk
[2011/12/04 14:13:07 | 000,000,185 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Internet Radio.url
[2011/12/04 14:13:04 | 000,001,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/12/04 14:13:04 | 000,001,184 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\More Great Games.lnk
[2011/12/04 14:13:04 | 000,001,016 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2011/12/04 14:13:03 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2011/12/04 14:13:02 | 000,001,998 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft FrontPage.lnk
[2011/12/04 14:13:02 | 000,001,630 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/12/04 14:13:00 | 000,001,865 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Total Care Advisor.lnk
[2011/12/04 14:13:00 | 000,000,855 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2011/12/04 14:12:58 | 000,002,061 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
[2011/12/04 14:12:58 | 000,001,736 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Play.lnk
[2011/12/04 14:12:58 | 000,001,712 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
[2011/12/04 14:12:57 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/12/04 14:12:56 | 000,000,886 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\
[2011/12/04 14:11:45 | 000,111,872 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/12/04 13:50:41 | 000,754,176 | ---- | C] () -- C:\Users\Judi\Desktop\RogueKiller.exe
[2011/12/01 17:32:26 | 000,116,224 | ---- | C] () -- C:\ProgramData\ahY2dAji.exe
[2011/12/01 17:32:26 | 000,000,000 | ---- | C] () -- C:\ProgramData\ahY2dAji.exe.b
[2011/12/01 17:23:23 | 000,000,112 | ---- | C] () -- C:\ProgramData\s831KJO25.dat
[2011/11/30 19:40:27 | 000,010,728 | --S- | C] () -- C:\Users\Judi\AppData\Local\hlpfte0f0hwv6uin8hej0m504y3u
[2011/11/30 19:40:27 | 000,010,728 | --S- | C] () -- C:\ProgramData\hlpfte0f0hwv6uin8hej0m504y3u
[2011/06/15 17:58:23 | 000,075,264 | ---- | C] () -- C:\Windows\System32\drivers\dfsc.sys
[2011/05/26 11:00:11 | 000,000,120 | ---- | C] () -- C:\Users\Judi\AppData\Local\Tsavucefuheli.dat
[2011/05/26 11:00:11 | 000,000,000 | ---- | C] () -- C:\Users\Judi\AppData\Local\Tsarubesidacibi.bin
[2011/05/25 21:23:05 | 000,000,168 | -H-- | C] () -- C:\ProgramData\~43441912r
[2011/05/25 21:23:05 | 000,000,144 | -H-- | C] () -- C:\ProgramData\~43441912
[2011/05/25 21:22:13 | 000,000,400 | ---- | C] () -- C:\ProgramData\43441912
[2010/12/07 23:09:22 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/12/07 23:09:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/12/07 23:09:22 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/12/07 23:09:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/12/07 23:09:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/12/04 18:59:11 | 000,034,560 | ---- | C] () -- C:\Windows\System32\drivers\Normandy.sys
[2010/02/15 14:26:29 | 000,164,177 | ---- | C] () -- C:\Windows\hpoins21.dat
[2010/02/07 20:03:07 | 000,000,268 | R--- | C] () -- C:\ProgramData\Sports
[2010/02/07 19:54:42 | 000,000,000 | ---- | C] () -- C:\ProgramData\Soundtrack
[2010/01/17 20:00:24 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2010/01/15 18:43:02 | 000,023,086 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/01/10 12:36:19 | 000,000,268 | R--- | C] () -- C:\ProgramData\Standard Tool
[2010/01/10 12:36:19 | 000,000,268 | R--- | C] () -- C:\Users\Judi\AppData\Roaming\Specifications
[2010/01/10 12:36:19 | 000,000,020 | ---- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2010/01/10 12:14:11 | 000,000,268 | R--- | C] () -- C:\Users\Judi\AppData\Roaming\Space Choir
[2010/01/10 12:14:11 | 000,000,020 | ---- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2009/12/11 18:29:34 | 000,069,632 | ---- | C] () -- C:\Windows\ssdal_nc.exe
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/06 14:59:10 | 000,169,962 | ---- | C] () -- C:\Windows\hpqins00.dat.temp
[2009/06/30 01:29:54 | 000,116,841 | ---- | C] () -- C:\Windows\hpqins00.dat
[2008/12/30 12:01:02 | 000,001,356 | ---- | C] () -- C:\Users\Judi\AppData\Local\d3d9caps.dat
[2008/11/16 11:57:41 | 001,080,974 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2008/09/21 19:59:50 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/08/21 10:37:42 | 000,164,625 | ---- | C] () -- C:\Windows\hpoins21.dat.temp
[2008/08/21 10:37:42 | 000,007,262 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp
[2008/08/03 12:09:35 | 000,000,300 | ---- | C] () -- C:\Users\Judi\AppData\Roaming\wklnhst.dat
[2008/07/28 15:52:10 | 000,151,552 | ---- | C] () -- C:\Windows\System32\Tracer.dll
[2008/07/28 15:52:10 | 000,118,784 | ---- | C] () -- C:\Windows\System32\SheriffNet.dll
[2008/07/27 19:32:48 | 000,010,752 | -H-- | C] () -- C:\Users\Judi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/27 18:42:09 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/07/27 18:42:09 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/04/14 19:53:32 | 000,155,648 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2008/02/27 02:59:45 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/08/20 07:34:08 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1318.dll
[2007/08/20 07:25:00 | 000,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/08/20 07:10:18 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/05/15 05:10:56 | 000,007,262 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,439,184 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,645,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,120,908 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
========== LOP Check ==========
[2008/11/09 18:10:21 | 000,000,000 | ---D | M] -- C:\Users\Judi\AppData\Roaming\acccore
[2008/11/09 17:47:19 | 000,000,000 | ---D | M] -- C:\Users\Judi\AppData\Roaming\AIM
[2010/11/29 01:18:17 | 000,000,000 | ---D | M] -- C:\Users\Judi\AppData\Roaming\BeachPartyCraze
[2010/11/29 01:18:17 | 000,000,000 | ---D | M] -- C:\Users\Judi\AppData\Roaming\CupcakeCafe
[2010/01/17 20:05:00 | 000,000,000 | ---D | M] -- C:\Users\Judi\AppData\Roaming\DassaultSystemes
[2010/01/17 20:05:03 | 000,000,000 | ---D | M] -- C:\Users\Judi\AppData\Roaming\EDrawings
[2011/09/04 16:35:08 | 000,000,000 | ---D | M] -- C:\Users\Judi\AppData\Roaming\EscapeTheMuseum2
[2011/05/14 11:38:55 | 000,000,000 | ---D | M] -- C:\Users\Judi\AppData\Roaming\FrostWire
[2010/11/29 01:18:17 | 000,000,000 | ---D | M] -- C:\Users\Judi\AppData\Roaming\GetRightToGo
[2008/07/27 18:34:16 | 000,000,000 | ---D | M] -- C:\Users\Judi\AppData\Roaming\MSNInstaller
[2010/09/28 20:11:20 | 000,000,000 | ---D | M] -- C:\Users\Judi\AppData\Roaming\Mysteryville2
[2010/07/10 14:37:17 | 000,000,000 | ---D | M] -- C:\Users\Judi\AppData\Roaming\Namco
[2010/01/21 19:20:34 | 000,000,000 | ---D | M] -- C:\Users\Judi\AppData\Roaming\Nikon
[2011/06/12 12:50:49 | 000,000,000 | ---D | M] -- C:\Users\Judi\AppData\Roaming\Oberon Media
[2011/05/18 20:12:36 | 000,000,000 | ---D | M] -- C:\Users\Judi\AppData\Roaming\PCHC
[2010/06/23 19:13:46 | 000,000,000 | ---D | M] -- C:\Users\Judi\AppData\Roaming\PlayFirst
[2011/08/24 18:46:38 | 000,000,000 | ---D | M] -- C:\Users\Judi\AppData\Roaming\playmink
[2011/09/04 16:41:59 | 000,000,000 | ---D | M] -- C:\Users\Judi\AppData\Roaming\Princess Isabella
[2011/01/27 19:24:27 | 000,000,000 | ---D | M] -- C:\Users\Judi\AppData\Roaming\Sierra
[2011/09/05 14:58:54 | 000,000,000 | ---D | M] -- C:\Users\Judi\AppData\Roaming\Silverback Productions
[2009/02/03 16:18:27 | 000,000,000 | ---D | M] -- C:\Users\Judi\AppData\Roaming\Template
[2010/10/29 09:38:49 | 000,000,000 | ---D | M] -- C:\Users\Judi\AppData\Roaming\TomTom
[2008/07/27 18:47:18 | 000,000,000 | ---D | M] -- C:\Users\Judi\AppData\Roaming\WildTangent
[2008/12/11 00:11:42 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\acccore
[2011/11/23 22:30:20 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/11/29 22:06:26 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{15C0AF03-2699-4957-AF16-890EE2110E3F}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\ERDNT\cache\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 21:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
< MD5 for: SVCHOST.EXE >
[2008/01/20 21:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/20 21:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 21:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 21:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\ERDNT\cache\winlogon.exe
[2008/01/20 21:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/20 21:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/11 21:17:56 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/11 21:17:56 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/11 21:17:56 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\mozilla firefox\firefox.exe" [2011/11/11 21:17:59 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/11/11 21:17:59 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\mozilla firefox\firefox.exe" -safe-mode [2011/11/11 21:17:59 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/27 23:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/27 23:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/27 23:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/28 01:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\internet explorer\iexplore.exe" [2011/05/28 01:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)
< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/11 21:17:56 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/11 21:17:56 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/11 21:17:56 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\mozilla firefox\firefox.exe" [2011/11/11 21:17:59 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/11/11 21:17:59 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\mozilla firefox\firefox.exe" -safe-mode [2011/11/11 21:17:59 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/27 23:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/27 23:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/27 23:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/28 01:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\internet explorer\iexplore.exe" [2011/05/28 01:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)
< %Temp%\smtmp\1\*.* >
[2006/11/02 07:56:50 | 000,001,677 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\1\Default Programs.lnk
[2009/11/05 21:20:58 | 000,000,442 | -HS- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\1\desktop.ini
[2011/03/22 10:12:17 | 000,001,148 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\1\HP Solution Center.lnk
[2008/09/21 19:58:14 | 000,001,992 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\1\New Office Document.lnk
[2008/09/21 19:58:14 | 000,002,002 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\1\Open Office Document.lnk
[2009/11/05 21:20:58 | 000,001,617 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\1\Windows Update.lnk
< %Temp%\smtmp\2\*.* >
[2010/05/16 20:06:17 | 000,001,720 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\2\AIM.lnk
[2009/03/27 14:56:23 | 000,000,286 | -HS- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\2\desktop.ini
[2011/04/16 14:34:01 | 000,001,034 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\2\FrostWire 4.21.5.lnk
[2009/02/20 16:00:29 | 000,001,955 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\2\Google Chrome.lnk
[2009/03/27 14:56:23 | 000,000,943 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\2\Launch Internet Explorer Browser.lnk
[2011/02/02 15:20:25 | 000,002,619 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\2\Microsoft Outlook 2010.lnk
[2011/02/02 13:14:40 | 000,000,936 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\2\Microsoft Outlook.lnk
[2010/01/09 11:55:25 | 000,001,748 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\2\Mozilla Firefox.lnk
[2010/02/27 17:59:37 | 000,000,923 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\2\Picasa 3.lnk
[2010/06/22 16:16:12 | 000,001,719 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\2\Play iWin Games.lnk
[2008/01/20 21:42:47 | 000,000,258 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\2\Shows Desktop.lnk
[2010/01/17 19:58:31 | 000,002,048 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\2\SolidWorks eDrawings 2010.lnk
[2008/01/20 21:42:47 | 000,000,240 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\2\Window Switcher.lnk
[2008/09/19 09:33:59 | 000,000,938 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\2\Windows Media Player.lnk
< %Temp%\smtmp\3\*.* >
< %Temp%\smtmp\4\*.* >
[2009/02/16 19:13:40 | 000,000,874 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\4\
[2010/12/21 21:00:00 | 000,001,892 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\4\Adobe Reader X.lnk
[2011/02/01 21:09:35 | 000,001,938 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\4\Age of Empires III.lnk
[2010/05/16 20:06:17 | 000,001,696 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\4\AIM.lnk
[2008/01/20 21:43:21 | 000,000,174 | -HS- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\4\desktop.ini
[2008/02/27 03:13:27 | 000,002,055 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\4\eBay.lnk
[2011/05/15 17:00:10 | 000,001,971 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\4\Google Chrome.lnk
[2009/05/18 10:49:22 | 000,001,976 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\4\Google Earth.lnk
[2009/07/06 15:02:24 | 000,001,120 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\4\HP Network UserGuide.lnk
[2011/03/22 10:17:27 | 000,002,016 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\4\HP Photosmart Essential 2.5.lnk
[2011/03/22 10:12:17 | 000,001,142 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\4\HP Solution Center.lnk
[2009/07/25 18:20:03 | 000,001,804 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\4\iTunes.lnk
[2011/01/27 17:47:36 | 000,000,933 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\4\Launch Empire Earth II.lnk
[2011/01/20 15:38:05 | 000,000,906 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\4\Malwarebytes' Anti-Malware.lnk
[2010/02/15 17:27:11 | 000,001,895 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\4\Nikon Transfer.lnk
[2010/02/27 17:59:37 | 000,000,899 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\4\Picasa 3.lnk
[2009/07/25 18:16:52 | 000,001,726 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\4\QuickTime Player.lnk
[2011/03/22 10:15:46 | 000,002,060 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\4\Shop for HP Supplies.lnk
[2009/02/23 08:18:49 | 000,000,902 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\4\SUPERAntiSpyware Free Edition.lnk
[2010/01/10 12:38:37 | 000,001,826 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\4\ViewNX.lnk
< C:\Windows\assembly\tmp\U\*.* /s >
========== Alternate Data Streams ==========
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:9756362E
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:527D9577
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E6B1AD87
< End of report >
OTL Extras logfile created on: 12/4/2011 2:39:18 PM - Run 1
OTL by OldTimer - Version Folder = C:\Users\Judi\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1013.27 Mb Total Physical Memory | 260.67 Mb Available Physical Memory | 25.73% Memory free
2.24 Gb Paging File | 1.39 Gb Available in Paging File | 62.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.60 Gb Total Space | 54.27 Gb Free Space | 39.44% Space Free | Partition Type: NTFS
Drive D: | 11.44 Gb Total Space | 1.98 Gb Free Space | 17.30% Space Free | Partition Type: NTFS
Computer Name: JUDI-PC | User Name: Judi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
"EnableFirewall" = 1
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
========== Vista Active Open Ports Exception List ==========
"{0A68A8EE-0019-4D23-8F55-9A7481879250}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{16B20871-9E24-4A68-9458-E723ADB7526A}" = rport=139 | protocol=6 | dir=out | app=system |
"{19B39881-9CE5-4BA6-B45D-854F0F4766D5}" = lport=139 | protocol=6 | dir=in | app=system |
"{1C821130-6DF9-4D7A-AB6B-4D5852E0F305}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{20E270D7-9805-432E-892D-F37CF159F7E8}" = lport=445 | protocol=6 | dir=in | app=system |
"{2D1B6C93-2875-4C7C-8418-C078C8459826}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5465ECE4-0FBD-4335-9697-FBA1B914BC0B}" = rport=138 | protocol=17 | dir=out | app=system |
"{6BD76CEF-399C-4E19-B045-65A1627019CB}" = rport=137 | protocol=17 | dir=out | app=system |
"{6ED972D0-B57E-43FD-9B02-B3453B6F3EED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{845AD58C-C5B5-4EE3-968C-935381FE4DA7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{8F14DC1F-7887-437B-BB04-4D34E45C5B26}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8FAD5ED0-08AF-48CB-8975-F71465574F1C}" = lport=137 | protocol=17 | dir=in | app=system |
"{927DC578-C0A0-4D34-88E8-61BF22743044}" = lport=138 | protocol=17 | dir=in | app=system |
"{A41D6053-91B3-4769-A570-E28444DD2062}" = rport=445 | protocol=6 | dir=out | app=system |
"{B251C47B-C28F-4F71-8509-9BBEBEC58FA7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B2C505D6-398E-4D59-AE97-6EA6B5365DEF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{BC08322D-4544-4289-8AF4-97983327C435}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{CB5F6781-7E31-4024-A7D4-5D75D243AAA1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E9B78337-0129-403B-99A5-296D0C9076FB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
"{01CA4C70-B84A-412A-A500-A0FEE55BAFDA}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{0232AD59-DE3A-47A3-8E1B-256DAFAEFC6A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{07F0ED00-9FD9-4691-ACF1-14513B50A265}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{09EF94DC-ACB8-4E2D-B74E-8A2BD7C9154D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{0A25669B-936E-4F20-9BFA-E0FFF830853E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{152A25A7-DCB2-4DE9-8C34-5C9FCC4F3497}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{15A657B5-8703-4891-A262-64C4E7CA93E3}" = protocol=1 | dir=out | [email protected],-28544 |
"{16F36307-CE4F-4E4E-A8F4-2FE587539BA6}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{17F1E7AB-035D-4081-9328-6293DBE5323E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{23E60D1A-52D3-4C7D-A506-DCE9F346CC88}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{28B474EF-0FA8-4296-BB31-A2362D86100F}" = protocol=17 | dir=in | app=c:\program files\iwin games\iwingames.exe |
"{2A1A24FA-B14A-4329-987E-390D55A05FCC}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{3041D4FC-35C3-4BF7-B3B1-A7871F74FCB6}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{30581050-0D22-4D6D-AB9C-A74AFD8D9DD8}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{30C10A91-D424-4549-B028-979E4FC64F9E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{349B2DDF-2BDB-4EFF-AE2A-FE27A264BDE4}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{3AD44A71-CDC3-4A22-A470-4E7BCC1D05D5}" = protocol=17 | dir=in | app=c:\program files\iwin games\webupdater.exe |
"{3B6E26D0-2F65-4FED-824C-2F2D429DE26A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe |
"{3CDDD4A1-9AA0-45B8-BB84-F0DBECC1AA3A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{3F077109-7104-42A7-8BF2-5BA0A4DEA322}" = protocol=1 | dir=in | [email protected],-28543 |
"{49C9E203-1BEA-41F1-A825-B26972FB5C6F}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{4A6E55CD-B6AA-4839-AD7F-659F20815BA7}" = protocol=6 | dir=in | app=c:\program files\iwin games\iwingames.exe |
"{4C866DC2-4510-4FD1-A713-B6FAE6AAD21A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqscnvw.exe |
"{56E41EBC-70A0-4867-9B7F-36A7734A79F4}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{5AB82E45-CC2E-4502-8C86-FE15EDFFCDDF}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{5DC14199-54CE-440A-93F4-32F668226359}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{5E66FD85-E4DD-4282-A960-63A599574477}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{628EC09F-85A9-4487-BCE0-E5DA7AF2F617}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{6ED39912-D7EB-4137-8F03-B632A99EFB5F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{70C37D40-BB13-4C3F-9637-F9C08D8EBAED}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{86DADD6B-7277-46E4-940C-8B6714F583C5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{8ED27821-A444-4080-94E7-32538E5E3A8C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{90EBE8FA-76F4-43F7-9817-89DBA3A40544}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{925BE10D-D363-4B35-A812-A4FAD5896858}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{93CF75C1-A443-4F97-A655-A936B5F92F94}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{94D841C6-968B-431F-A350-4E37064FDD82}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9CB7BC27-5DC8-49AC-9E7D-051BC398550C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{9D6B7519-1520-48FB-AF26-18D4E4DDEB8C}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{A552A28E-449F-4B3A-BC15-EA9FCACD2BE7}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{A6C67A56-6BDE-4920-B7E4-137A47FD7E1A}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{ACE5CEDE-D891-4CD4-BA32-444201198A1B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{AF95D693-253E-406C-8BEF-7D044BBF5A9D}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{B3CF36D9-405C-4A85-A083-EAD92E2B16C1}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{BD787FF4-B355-4F00-BB0F-2A1A3F495BAC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{BE180A32-916D-48EB-A2D2-42B0EAEE1CA2}" = protocol=6 | dir=in | app=c:\program files\iwin games\webupdater.exe |
"{C4F5FA4A-21F2-49A6-9021-0707B0DBDFEB}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C901998C-995E-497B-899C-FA13296C8F58}" = protocol=58 | dir=in | [email protected],-28545 |
"{CB781471-A375-4ABD-9F4B-16E061E33790}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{CB8E5433-1536-41EA-9D39-63612E2C6842}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CF0E1DE1-5D6F-4C33-A872-778A74293FC2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{DC8556BE-7202-420F-B169-40E21FAF90A1}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{E40BA351-46F5-44EB-82BD-1BAAEB88E85B}" = protocol=58 | dir=out | [email protected],-28546 |
"{E49E3540-E71B-4A03-96D0-7182CD249372}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E83F1C2F-28F6-46CE-BC8C-43C0631DAE65}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{EB996068-8A0F-465E-9A5A-ACF1893AD049}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{EFE8B2AF-27AD-456E-852C-B694AECD50CF}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{F2AB4E70-A570-4325-A163-5142B80A25DA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{F43E0400-5957-4953-8EB3-AE7233FD5DE0}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{F927F2ED-BB57-4640-A390-ADC83FAB4031}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{FF84206D-A7F7-4240-9E14-722399D64F46}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"TCP Query User{165D761C-2B3D-4B75-B9FC-0963BD1DB94F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{3EE184F3-7FD9-463C-A440-B8EF60AE66BB}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{E80A7CDB-FA8B-4C40-B68F-59BDC1A5BA56}C:\program files\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"UDP Query User{27A43C4A-2142-4E86-BF54-AF76BE4C665B}C:\program files\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"UDP Query User{5299C907-301D-4260-97E6-B2B08BB44557}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{DD5854BD-D698-4852-8F04-6499FEE4A3E6}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java 6 Update 23
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{31494504-40DF-4290-872D-E3824745E8A1}}_is1" = Tile Mosaic Maker Trial V8.32
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 B2
"{366E24C6-9097-4F63-BF42-3F3EF356A960}" = Photosynth 2.0.1519.16
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{53CDAAAB-6D41-4A36-BAA4-90261DE31B13}" = NetZero For Cosmi
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" =
"{78A974B6-F864-41AE-9F5A-0AAF7D40E884}" = PrintMaster 16
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113772953}" = Amazing Adventures The Lost Tomb
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118392197}" = Pacman
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118469257}" = Hidden Identity Chicago Blackout
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11852670}" = Chicken Invaders 3 Easter
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119692777}" = Cake Mania - To the Max
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-510005350}" = Hobby Farm
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B041ABD7-4A10-482a-A525-577A7AAD8EC7}" = C6200_Help
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = Panorama Maker
"{D7358B07-4F10-4014-9869-7999578BE8ED}" = HP User Guides 0093
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DF315348-721C-40B8-BAE2-58C6C7D935A2}" = Empire Earth II
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E1E502E2-C006-49DB-9C0C-F2196E51826F}_is1" = Rootkit Unhooker LE 3.8 SR 2
"{E1FD657F-C29E-4FED-A4FB-1199E22AE33E}" = UltraFast
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EA9AAB32-160B-4FC1-AF18-71F11257C574}" = SolidWorks eDrawings 2010
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{FDDDD898-725F-498E-8582-938326066177}" = HP Battery Check
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AIM_7" = AIM 7
"Ask Toolbar_is1" = Ask Toolbar
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"BFGC" = Big Fish Games: Game Manager
"BFG-Chocolatier - Decadence by Design" = Chocolatier: Decadence by Design
"Chainz 2" = Chainz 2 (remove only)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" =
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Doggie Dash" = Doggie Dash
"ESET Online Scanner" = ESET Online Scanner v3
"FrostWire" = FrostWire 4.21.5
"GamesBar" = GamesBar
"Glass Eye 2000" = Glass Eye 2000
"Gogii 4-Pack1.0" = Gogii 4-Pack
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Battery Check" = HP Battery Check
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"iWinArcade" = iWin Games (remove only)
"Mah Jong Quest" = Mah Jong Quest (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"Mysteryville 2" = Mysteryville 2 (remove only)
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Peggle Deluxe 1.0" = Peggle Deluxe 1.0
"Picasa 3" = Picasa 3
"Shockwave" = Shockwave
"Shop for HP Supplies" = Shop for HP Supplies
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"TomTom HOME" = TomTom HOME
"TranslatorBar_1 Toolbar" = TranslatorBar_1 Toolbar
"TVWiz" = Intel® TV Wizard
"Ultimate Mahjongg 15" = Ultimate Mahjongg 15
"Ultimate Solitaire 750" = Ultimate Solitaire 750
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WildTangent hp Master Uninstall" = My HP Games
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"Zynga Toolbar" = Zynga Toolbar
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 12/1/2011 6:13:50 PM | Computer Name = Judi-PC | Source = EventSystem | ID = 4609
Description =
Error - 12/1/2011 6:14:00 PM | Computer Name = Judi-PC | Source = WinMgmt | ID = 10
Description =
Error - 12/1/2011 7:59:56 PM | Computer Name = Judi-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.19088, time stamp
0x4de07b1b, faulting module unknown, version, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x01c0d426, process id 0xc3c, application start time
Error - 12/1/2011 8:49:57 PM | Computer Name = Judi-PC | Source = System Restore | ID = 8193
Description =
Error - 12/1/2011 8:50:03 PM | Computer Name = Judi-PC | Source = System Restore | ID = 8193
Description =
Error - 12/3/2011 7:37:15 PM | Computer Name = Judi-PC | Source = EventSystem | ID = 4609
Description =
Error - 12/3/2011 7:37:26 PM | Computer Name = Judi-PC | Source = WinMgmt | ID = 10
Description =
Error - 12/3/2011 7:57:18 PM | Computer Name = Judi-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp
0x4907e242, faulting module ShellvRTF.dll, version, time stamp 0x46d83e7c,
exception code 0xc0000005, fault offset 0x000057ab, process id 0x620, application
start time 0x01ccb21477901aff.
Error - 12/3/2011 7:57:31 PM | Computer Name = Judi-PC | Source = EventSystem | ID = 4609
Description =
Error - 12/4/2011 3:42:30 PM | Computer Name = Judi-PC | Source = System Restore | ID = 8193
Description =
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
aswMBR version Copyright© 2011 AVAST Software
Run date: 2011-12-04 17:19:42
17:19:42.124 OS Version: Windows 6.0.6001 Service Pack 1
17:19:42.124 Number of processors: 2 586 0xF0D
17:19:42.124 ComputerName: JUDI-PC UserName: Judi
17:21:30.965 Initialize success
17:22:35.487 AVAST engine defs: 11120401
17:23:22.068 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
17:23:22.068 Disk 0 Vendor: ST916082 3.BH Size: 152627MB BusType: 3
17:23:22.193 Disk 0 MBR read successfully
17:23:22.193 Disk 0 MBR scan
17:23:24.128 Disk 0 unknown MBR code
17:23:24.174 Disk 0 scanning sectors +312576705
17:23:24.377 Disk 0 scanning C:\Windows\system32\drivers
17:23:42.192 File: C:\Windows\system32\drivers\dfsc.sys **INFECTED** Win32:Alureon-AOK [Rtk]
17:27:03.838 Service scanning
17:27:29.141 Modules scanning
17:28:07.533 Module: C:\Windows\System32\Drivers\dfsc.sys **SUSPICIOUS**
17:28:27.938 Disk 0 trace - called modules:
17:28:28.000 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8c300f10]<<
17:28:28.702 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a70220]
17:28:28.718 3 CLASSPNP.SYS[871a1745] -> nt!IofCallDriver -> [0x8c28bcb8]
17:28:28.718 \Driver\00001082[0x8c28bdf0] -> IRP_MJ_CREATE -> 0x8c300f10
17:29:07.811 AVAST engine scan C:\Windows
17:29:25.455 AVAST engine scan C:\Windows\system32
17:29:26.328 File: C:\Windows\system32\ **INFECTED** Win32:Zbot-NUQ [Trj]
17:34:53.235 AVAST engine scan C:\Windows\system32\drivers
17:34:58.355 File: C:\Windows\system32\drivers\dfsc.sys **INFECTED** Win32:Alureon-AOK [Rtk]
17:35:44.219 AVAST engine scan C:\Users\Judi
17:52:17.992 File: C:\Users\Judi\AppData\Local\temp\0.5877803652428584gtye.exe **INFECTED** Win32:FakeAlert-BNL [Trj]
17:56:33.645 File: C:\Users\Judi\AppData\Local\temp\eyoiwuwfqb **INFECTED** Win32:FakeAlert-BNB [Trj]
18:00:16.666 File: C:\Users\Judi\AppData\Local\ugd.exe **INFECTED** Win32:FakeAlert-BNL [Trj]
18:01:59.975 Disk 0 MBR has been saved successfully to "C:\Users\Judi\Desktop\MBR.dat"
18:02:00.131 The log file has been saved successfully to "C:\Users\Judi\Desktop\aswMBR.txt"
18:12:24.810 AVAST engine scan C:\ProgramData
18:12:27.040 File: C:\ProgramData\ahY2dAji.exe **INFECTED** Win32:Malware-gen
18:18:47.004 Scan finished successfully
18:24:13.044 Disk 0 MBR has been saved successfully to "C:\Users\Judi\Desktop\MBR.dat"
18:24:13.059 The log file has been saved successfully to "C:\Users\Judi\Desktop\aswMBR.txt"
DiskManagement Screen Shot:
Won't let me paste a screen shot for some reason, wouldn't let me attach a word file, so it is attached as a .pdf
First RKreport:
RogueKiller V6.1.12 [12/02/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Operating System: Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Safe mode with network support
User: Judi [Admin rights]
Mode: Remove -- Date : 12/04/2011 14:12:03
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 8 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> NOT REMOVED, USE PROXYFIX
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[FILE ASSO] HKCU\Software\Classes\.exe\shell\open\command : ("C:\Users\Judi\AppData\Local\ugd.exe" -a "%1" %*) -> REPLACED ("%1" %*)
[FILE ASSO] HKCU\Software\Classes\exefile\shell\open\command : ("C:\Users\Judi\AppData\Local\ugd.exe" -a "%1" %*) -> REPLACED ("%1" %*)
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command : ("C:\Users\Judi\AppData\Local\ugd.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") -> REPLACED ("C:\Program Files\mozilla firefox\firefox.exe")
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command : ("C:\Users\Judi\AppData\Local\ugd.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) -> REPLACED ("C:\Program Files\mozilla firefox\firefox.exe" -safe-mode)
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command : ("C:\Users\Judi\AppData\Local\ugd.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") -> REPLACED ("C:\Program Files\internet explorer\iexplore.exe")
¤¤¤ Particular Files / Folders: ¤¤¤
[FOLDER] plugs : c:\users\judi\appdata\roaming\adobe\plugs --> REMOVED
[FOLDER] shed : c:\users\judi\appdata\roaming\adobe\shed --> REMOVED
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : Rogue.AntiSpy-AH ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
Finished : << RKreport[1].txt >>
Second RKreport:
RogueKiller V6.1.12 [12/02/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Operating System: Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Safe mode with network support
User: Judi [Admin rights]
Mode: Shortcuts HJfix -- Date : 12/04/2011 14:20:03
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 215 / Fail 0
Quick launch: Success 13 / Fail 0
Programs: Success 5948 / Fail 1
Start menu: Success 131 / Fail 0
User folder: Success 16830 / Fail 0
My documents: Success 240 / Fail 0
My favorites: Success 66 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 918 / Fail 0
My videos: Success 8 / Fail 0
Local drives: Success 18921 / Fail 0
Backup: [FOUND] Success 335 / Fail 19
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
¤¤¤ Infection : Rogue.FakeHDD ¤¤¤
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
OTL logfile created on: 12/4/2011 2:39:17 PM - Run 1
OTL by OldTimer - Version Folder = C:\Users\Judi\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1013.27 Mb Total Physical Memory | 260.67 Mb Available Physical Memory | 25.73% Memory free
2.24 Gb Paging File | 1.39 Gb Available in Paging File | 62.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.60 Gb Total Space | 54.27 Gb Free Space | 39.44% Space Free | Partition Type: NTFS
Drive D: | 11.44 Gb Total Space | 1.98 Gb Free Space | 17.30% Space Free | Partition Type: NTFS
Computer Name: JUDI-PC | User Name: Judi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/12/03 19:14:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Judi\Desktop\OTL(1).exe
PRC - [2011/10/26 09:34:11 | 000,116,608 | ---- | M] ( -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/10/26 09:34:06 | 004,615,552 | ---- | M] ( -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/20 21:24:29 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PING.EXE
========== Modules (No Company Name) ==========
MOD - [2011/12/04 14:33:05 | 000,063,488 | ---- | M] () -- C:\ProgramData\\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/12/04 14:33:05 | 000,052,736 | ---- | M] () -- C:\ProgramData\\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/11/30 21:51:58 | 000,117,760 | ---- | M] () -- C:\ProgramData\\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/11/30 21:51:58 | 000,052,224 | ---- | M] () -- C:\ProgramData\\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/12/12 15:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
========== Win32 Services (SafeList) ==========
SRV - [2011/10/26 09:34:11 | 000,116,608 | ---- | M] ( [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/03/17 15:45:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/08/24 04:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/01/17 20:00:19 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2009/02/18 16:26:52 | 000,078,104 | ---- | M] (iWin Inc.) [Auto | Stopped] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/10/03 17:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/03/05 11:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
========== Driver Services (SafeList) ==========
DRV - [2011/08/31 16:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/14 17:59:44 | 000,067,664 | ---- | M] ( and [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/14 17:59:43 | 000,012,880 | ---- | M] ( and [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/04/14 09:24:14 | 000,075,264 | ---- | M] () [File_System | Unknown | Running] -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC)
DRV - [2010/12/04 18:59:17 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Normandy.sys -- (Normandy)
DRV - [2010/03/10 12:26:32 | 000,012,872 | ---- | M] ( and [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/02/27 05:26:04 | 000,201,728 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/20 21:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2007/10/11 06:17:56 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/07/10 09:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/25 06:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/05/30 17:40:42 | 000,735,232 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/04/23 16:51:08 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/11/02 02:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/06/28 11:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...sario&pf=laptop
IE - HKLM\..\URLSearchHook: {00bf7b9c-acd2-4080-bea8-b1c41987070f} - C:\Program Files\TranslatorBar_1\tbTran.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-190886887-1494488958-1657312369-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-190886887-1494488958-1657312369-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-190886887-1494488958-1657312369-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-190886887-1494488958-1657312369-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - "Search the Web"
FF - true
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:
FF - prefs.js..extensions.enabledItems: {afe43e80-0abc-4df2-81a0-3fe44b74abe8}:1.300.346
FF - prefs.js..extensions.enabledItems: {59610025-BFA6-40AC-A478-50D98AD533ED}:1.9.1
FF - prefs.js..extensions.enabledItems: ChoiceGuard@Microsoft:2.0
FF - 4
FF - HKLM\Software\MozillaPlugins\ C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\ C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\,version=: File not found
FF - HKLM\Software\MozillaPlugins\,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\ Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\ C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\ C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\,version=2.0: C:\Program Files\Photosynth\npPhotosynthMozilla.dll ()
FF - HKLM\Software\MozillaPlugins\,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\,version=4.0: C:\Program Files\Virtual Earth 3D\ [2011/07/18 04:24:06 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\ C:\Program Files\Common Files\Oberon Media\NCAdapter\\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\ Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\ Update;version=3: C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\ Update;version=9: C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\ C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version= C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/15 18:43:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0847}: C:\ProgramData\iWin Games\firefox [2010/06/22 16:16:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/11 21:18:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/31 11:39:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/15 18:43:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{59610025-BFA6-40AC-A478-50D98AD533ED}: C:\Users\Judi\AppData\Local\{59610025-BFA6-40AC-A478-50D98AD533ED}\ [2011/05/26 11:00:08 | 000,000,000 | ---D | M]
[2010/10/29 09:39:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Judi\AppData\Roaming\Mozilla\Extensions
[2010/10/29 09:39:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Judi\AppData\Roaming\Mozilla\Extensions\[email protected]
[2009/09/22 22:33:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Judi\AppData\Roaming\Mozilla\Firefox\extensions
[2010/11/29 01:18:18 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Judi\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2011/11/04 09:41:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Judi\AppData\Roaming\Mozilla\Firefox\Profiles\2nawkxyv.default\extensions
[2010/11/29 01:18:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Judi\AppData\Roaming\Mozilla\Firefox\Profiles\2nawkxyv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/18 04:35:13 | 000,000,000 | ---D | M] (Microsoft Choice Guard) -- C:\Users\Judi\AppData\Roaming\Mozilla\Firefox\Profiles\2nawkxyv.default\extensions\ChoiceGuard@Microsoft
[2011/10/25 09:21:40 | 000,000,000 | ---D | M] (Oberon GamesBar) -- C:\Users\Judi\AppData\Roaming\Mozilla\Firefox\Profiles\2nawkxyv.default\extensions\[email protected]
[2011/11/11 21:18:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/26 11:00:08 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\JUDI\APPDATA\LOCAL\{59610025-BFA6-40AC-A478-50D98AD533ED}
[2011/11/11 21:17:59 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/12/21 22:17:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/12/09 04:58:24 | 000,274,432 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/08/30 14:41:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/11/25 12:09:47 | 000,002,064 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bingober248823419.xml
[2011/01/18 22:01:25 | 000,002,064 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bingober31269246.xml
[2011/06/07 18:13:08 | 000,002,064 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bingober56812990.xml
[2011/11/11 21:18:00 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.122\pdf.dll
CHR - plugin: Google Gears (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.122\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.122\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Platform SE 6 U15 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: EModel scriptable Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npEModelPlugin.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\\npGoogleOneClick8.dll
CHR - plugin: Photosynth (Enabled) = C:\Program Files\Photosynth\npPhotosynthMozilla.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
Hosts file not found
O2 - BHO: (TranslatorBar 1 Toolbar) - {00bf7b9c-acd2-4080-bea8-b1c41987070f} - C:\Program Files\TranslatorBar_1\tbTran.dll (Conduit Ltd.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (GamesBarBHO Class) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files\GamesBar\\oberontb.dll (Oberon Media Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (TranslatorBar 1 Toolbar) - {00bf7b9c-acd2-4080-bea8-b1c41987070f} - C:\Program Files\TranslatorBar_1\tbTran.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (
O3 - HKLM\..\Toolbar: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\\oberontb.dll (Oberon Media Ltd.)
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-190886887-1494488958-1657312369-1000\..\Toolbar\WebBrowser: (TranslatorBar 1 Toolbar) - {00BF7B9C-ACD2-4080-BEA8-B1C41987070F} - C:\Program Files\TranslatorBar_1\tbTran.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-190886887-1494488958-1657312369-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (
O3 - HKU\S-1-5-21-190886887-1494488958-1657312369-1000\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [SBC_McciTrayApp] C:\Program Files\SBC\update\SST.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [Seagull Drivers] C:\Windows\ssdal_nc.exe ()
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-190886887-1494488958-1657312369-1000..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-190886887-1494488958-1657312369-1000..\Run: [SearchEngineProtection] C:\Program Files\GamesBar\SearchEngineProtection.exe (Oberon Media )
O4 - HKU\S-1-5-21-190886887-1494488958-1657312369-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-21-190886887-1494488958-1657312369-1000..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-190886887-1494488958-1657312369-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-190886887-1494488958-1657312369-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} (Reg Error: Key error.)
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} (Java Plug-in 1.6.0_23)
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} http://livenj02.cust...l/java/ (Live Collaboration)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C165FAD-FD64-44C6-BC43-B4E95A584808}: DhcpNameServer =
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/27 02:45:25 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | --S- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-190886887-1494488958-1657312369-1000..exefile [open] -- "%1" %*
O37 - HKLM\ [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-190886887-1494488958-1657312369-1000\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Error creating restore point.
========== Files/Folders - Created Within 30 Days ==========
[2011/12/04 14:30:00 | 000,000,000 | ---D | C] -- C:\Users\Judi\Desktop\files
[2011/12/04 14:29:46 | 000,000,000 | ---D | C] -- C:\Users\Judi\Desktop\shortcuts
[2011/12/04 14:13:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/12/04 14:10:57 | 000,000,000 | ---D | C] -- C:\Users\Judi\Desktop\RK_Quarantine
[2011/12/03 19:15:30 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Judi\Desktop\aswMBR(1).exe
[2011/12/03 19:14:50 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Judi\Desktop\OTL(1).exe
[2011/12/01 17:23:23 | 000,032,256 | ---- | C] (TWX Corp.) -- C:\Windows\System32\
[2011/11/30 19:40:14 | 000,297,472 | ---- | C] (Microsoft Corporation) -- C:\Users\Judi\AppData\Local\ugd.exe
[2011/11/22 21:18:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/11/04 19:27:04 | 000,000,000 | ---D | C] -- C:\Users\Judi\AppData\Local\userNetTask
[1 C:\Users\Judi\Documents\*.tmp files -> C:\Users\Judi\Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/12/04 14:12:46 | 000,111,872 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/12/04 14:08:32 | 000,001,356 | ---- | M] () -- C:\Users\Judi\AppData\Local\d3d9caps.dat
[2011/12/04 13:50:47 | 000,754,176 | ---- | M] () -- C:\Users\Judi\Desktop\RogueKiller.exe
[2011/12/04 13:42:53 | 000,010,728 | --S- | M] () -- C:\Users\Judi\AppData\Local\hlpfte0f0hwv6uin8hej0m504y3u
[2011/12/04 13:42:53 | 000,010,728 | --S- | M] () -- C:\ProgramData\hlpfte0f0hwv6uin8hej0m504y3u
[2011/12/03 19:16:00 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Judi\Desktop\aswMBR(1).exe
[2011/12/03 19:14:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Judi\Desktop\OTL(1).exe
[2011/12/03 18:36:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/01 17:37:35 | 000,000,112 | ---- | M] () -- C:\ProgramData\s831KJO25.dat
[2011/12/01 17:32:26 | 000,000,000 | ---- | M] () -- C:\ProgramData\ahY2dAji.exe.b
[2011/12/01 17:31:58 | 000,116,224 | ---- | M] () -- C:\ProgramData\ahY2dAji.exe
[2011/12/01 17:23:13 | 000,032,256 | ---- | M] (TWX Corp.) -- C:\Windows\System32\
[2011/11/30 22:26:30 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/11/30 22:25:40 | 000,645,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/30 22:25:40 | 000,120,908 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/30 22:19:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/11/30 22:12:19 | 000,000,279 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/11/30 22:10:10 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/30 22:09:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/30 22:09:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/30 20:07:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/29 22:06:26 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{15C0AF03-2699-4957-AF16-890EE2110E3F}.job
[2011/11/22 19:46:24 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJudi.job
[1 C:\Users\Judi\Documents\*.tmp files -> C:\Users\Judi\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/12/04 14:13:12 | 000,002,048 | ---- | C] () -- C:\Users\Judi\Application Data\Microsoft\Internet Explorer\Quick Launch\SolidWorks eDrawings 2010.lnk
[2011/12/04 14:13:12 | 000,001,719 | ---- | C] () -- C:\Users\Judi\Application Data\Microsoft\Internet Explorer\Quick Launch\Play iWin Games.lnk
[2011/12/04 14:13:12 | 000,000,938 | ---- | C] () -- C:\Users\Judi\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/12/04 14:13:12 | 000,000,923 | ---- | C] () -- C:\Users\Judi\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2011/12/04 14:13:12 | 000,000,902 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/04 14:13:12 | 000,000,258 | ---- | C] () -- C:\Users\Judi\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/12/04 14:13:12 | 000,000,240 | ---- | C] () -- C:\Users\Judi\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/12/04 14:13:11 | 000,002,619 | ---- | C] () -- C:\Users\Judi\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook 2010.lnk
[2011/12/04 14:13:11 | 000,001,955 | ---- | C] () -- C:\Users\Judi\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/04 14:13:11 | 000,001,950 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Photo Gallery.lnk
[2011/12/04 14:13:11 | 000,001,852 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Collaboration.lnk
[2011/12/04 14:13:11 | 000,001,803 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/12/04 14:13:11 | 000,001,770 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Calendar.lnk
[2011/12/04 14:13:11 | 000,001,768 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker.lnk
[2011/12/04 14:13:11 | 000,001,757 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Defender.lnk
[2011/12/04 14:13:11 | 000,001,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011/12/04 14:13:11 | 000,001,720 | ---- | C] () -- C:\Users\Judi\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/12/04 14:13:11 | 000,001,703 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Contacts.lnk
[2011/12/04 14:13:11 | 000,001,034 | ---- | C] () -- C:\Users\Judi\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.5.lnk
[2011/12/04 14:13:11 | 000,000,943 | ---- | C] () -- C:\Users\Judi\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/04 14:13:11 | 000,000,936 | ---- | C] () -- C:\Users\Judi\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2011/12/04 14:13:11 | 000,000,604 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live.lnk
[2011/12/04 14:13:09 | 000,001,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/12/04 14:13:09 | 000,001,876 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2011/12/04 14:13:09 | 000,001,866 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Reminder.lnk
[2011/12/04 14:13:07 | 000,000,185 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Internet Radio.url
[2011/12/04 14:13:04 | 000,001,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/12/04 14:13:04 | 000,001,184 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\More Great Games.lnk
[2011/12/04 14:13:04 | 000,001,016 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2011/12/04 14:13:03 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2011/12/04 14:13:02 | 000,001,998 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft FrontPage.lnk
[2011/12/04 14:13:02 | 000,001,630 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/12/04 14:13:00 | 000,001,865 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Total Care Advisor.lnk
[2011/12/04 14:13:00 | 000,000,855 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2011/12/04 14:12:58 | 000,002,061 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
[2011/12/04 14:12:58 | 000,001,736 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Play.lnk
[2011/12/04 14:12:58 | 000,001,712 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
[2011/12/04 14:12:57 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/12/04 14:12:56 | 000,000,886 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\
[2011/12/04 14:11:45 | 000,111,872 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/12/04 13:50:41 | 000,754,176 | ---- | C] () -- C:\Users\Judi\Desktop\RogueKiller.exe
[2011/12/01 17:32:26 | 000,116,224 | ---- | C] () -- C:\ProgramData\ahY2dAji.exe
[2011/12/01 17:32:26 | 000,000,000 | ---- | C] () -- C:\ProgramData\ahY2dAji.exe.b
[2011/12/01 17:23:23 | 000,000,112 | ---- | C] () -- C:\ProgramData\s831KJO25.dat
[2011/11/30 19:40:27 | 000,010,728 | --S- | C] () -- C:\Users\Judi\AppData\Local\hlpfte0f0hwv6uin8hej0m504y3u
[2011/11/30 19:40:27 | 000,010,728 | --S- | C] () -- C:\ProgramData\hlpfte0f0hwv6uin8hej0m504y3u
[2011/06/15 17:58:23 | 000,075,264 | ---- | C] () -- C:\Windows\System32\drivers\dfsc.sys
[2011/05/26 11:00:11 | 000,000,120 | ---- | C] () -- C:\Users\Judi\AppData\Local\Tsavucefuheli.dat
[2011/05/26 11:00:11 | 000,000,000 | ---- | C] () -- C:\Users\Judi\AppData\Local\Tsarubesidacibi.bin
[2011/05/25 21:23:05 | 000,000,168 | -H-- | C] () -- C:\ProgramData\~43441912r
[2011/05/25 21:23:05 | 000,000,144 | -H-- | C] () -- C:\ProgramData\~43441912
[2011/05/25 21:22:13 | 000,000,400 | ---- | C] () -- C:\ProgramData\43441912
[2010/12/07 23:09:22 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/12/07 23:09:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/12/07 23:09:22 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/12/07 23:09:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/12/07 23:09:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/12/04 18:59:11 | 000,034,560 | ---- | C] () -- C:\Windows\System32\drivers\Normandy.sys
[2010/02/15 14:26:29 | 000,164,177 | ---- | C] () -- C:\Windows\hpoins21.dat
[2010/02/07 20:03:07 | 000,000,268 | R--- | C] () -- C:\ProgramData\Sports
[2010/02/07 19:54:42 | 000,000,000 | ---- | C] () -- C:\ProgramData\Soundtrack
[2010/01/17 20:00:24 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2010/01/15 18:43:02 | 000,023,086 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/01/10 12:36:19 | 000,000,268 | R--- | C] () -- C:\ProgramData\Standard Tool
[2010/01/10 12:36:19 | 000,000,268 | R--- | C] () -- C:\Users\Judi\AppData\Roaming\Specifications
[2010/01/10 12:36:19 | 000,000,020 | ---- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2010/01/10 12:14:11 | 000,000,268 | R--- | C] () -- C:\Users\Judi\AppData\Roaming\Space Choir
[2010/01/10 12:14:11 | 000,000,020 | ---- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2009/12/11 18:29:34 | 000,069,632 | ---- | C] () -- C:\Windows\ssdal_nc.exe
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/06 14:59:10 | 000,169,962 | ---- | C] () -- C:\Windows\hpqins00.dat.temp
[2009/06/30 01:29:54 | 000,116,841 | ---- | C] () -- C:\Windows\hpqins00.dat
[2008/12/30 12:01:02 | 000,001,356 | ---- | C] () -- C:\Users\Judi\AppData\Local\d3d9caps.dat
[2008/11/16 11:57:41 | 001,080,974 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2008/09/21 19:59:50 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/08/21 10:37:42 | 000,164,625 | ---- | C] () -- C:\Windows\hpoins21.dat.temp
[2008/08/21 10:37:42 | 000,007,262 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp
[2008/08/03 12:09:35 | 000,000,300 | ---- | C] () -- C:\Users\Judi\AppData\Roaming\wklnhst.dat
[2008/07/28 15:52:10 | 000,151,552 | ---- | C] () -- C:\Windows\System32\Tracer.dll
[2008/07/28 15:52:10 | 000,118,784 | ---- | C] () -- C:\Windows\System32\SheriffNet.dll
[2008/07/27 19:32:48 | 000,010,752 | -H-- | C] () -- C:\Users\Judi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/27 18:42:09 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/07/27 18:42:09 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/04/14 19:53:32 | 000,155,648 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2008/02/27 02:59:45 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/08/20 07:34:08 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1318.dll
[2007/08/20 07:25:00 | 000,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/08/20 07:10:18 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/05/15 05:10:56 | 000,007,262 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,439,184 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,645,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,120,908 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
========== LOP Check ==========
[2008/11/09 18:10:21 | 000,000,000 | ---D | M] -- C:\Users\Judi\AppData\Roaming\acccore
[2008/11/09 17:47:19 | 000,000,000 | ---D | M] -- C:\Users\Judi\AppData\Roaming\AIM
[2010/11/29 01:18:17 | 000,000,000 | ---D | M] -- C:\Users\Judi\AppData\Roaming\BeachPartyCraze
[2010/11/29 01:18:17 | 000,000,000 | ---D | M] -- C:\Users\Judi\AppData\Roaming\CupcakeCafe
[2010/01/17 20:05:00 | 000,000,000 | ---D | M] -- C:\Users\Judi\AppData\Roaming\DassaultSystemes
[2010/01/17 20:05:03 | 000,000,000 | ---D | M] -- C:\Users\Judi\AppData\Roaming\EDrawings
[2011/09/04 16:35:08 | 000,000,000 | ---D | M] -- C:\Users\Judi\AppData\Roaming\EscapeTheMuseum2
[2011/05/14 11:38:55 | 000,000,000 | ---D | M] -- C:\Users\Judi\AppData\Roaming\FrostWire
[2010/11/29 01:18:17 | 000,000,000 | ---D | M] -- C:\Users\Judi\AppData\Roaming\GetRightToGo
[2008/07/27 18:34:16 | 000,000,000 | ---D | M] -- C:\Users\Judi\AppData\Roaming\MSNInstaller
[2010/09/28 20:11:20 | 000,000,000 | ---D | M] -- C:\Users\Judi\AppData\Roaming\Mysteryville2
[2010/07/10 14:37:17 | 000,000,000 | ---D | M] -- C:\Users\Judi\AppData\Roaming\Namco
[2010/01/21 19:20:34 | 000,000,000 | ---D | M] -- C:\Users\Judi\AppData\Roaming\Nikon
[2011/06/12 12:50:49 | 000,000,000 | ---D | M] -- C:\Users\Judi\AppData\Roaming\Oberon Media
[2011/05/18 20:12:36 | 000,000,000 | ---D | M] -- C:\Users\Judi\AppData\Roaming\PCHC
[2010/06/23 19:13:46 | 000,000,000 | ---D | M] -- C:\Users\Judi\AppData\Roaming\PlayFirst
[2011/08/24 18:46:38 | 000,000,000 | ---D | M] -- C:\Users\Judi\AppData\Roaming\playmink
[2011/09/04 16:41:59 | 000,000,000 | ---D | M] -- C:\Users\Judi\AppData\Roaming\Princess Isabella
[2011/01/27 19:24:27 | 000,000,000 | ---D | M] -- C:\Users\Judi\AppData\Roaming\Sierra
[2011/09/05 14:58:54 | 000,000,000 | ---D | M] -- C:\Users\Judi\AppData\Roaming\Silverback Productions
[2009/02/03 16:18:27 | 000,000,000 | ---D | M] -- C:\Users\Judi\AppData\Roaming\Template
[2010/10/29 09:38:49 | 000,000,000 | ---D | M] -- C:\Users\Judi\AppData\Roaming\TomTom
[2008/07/27 18:47:18 | 000,000,000 | ---D | M] -- C:\Users\Judi\AppData\Roaming\WildTangent
[2008/12/11 00:11:42 | 000,000,000 | ---D | M] -- C:\Users\Lauren\AppData\Roaming\acccore
[2011/11/23 22:30:20 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/11/29 22:06:26 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{15C0AF03-2699-4957-AF16-890EE2110E3F}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\ERDNT\cache\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 21:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
< MD5 for: SVCHOST.EXE >
[2008/01/20 21:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/20 21:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 21:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 21:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\ERDNT\cache\winlogon.exe
[2008/01/20 21:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/20 21:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/11 21:17:56 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/11 21:17:56 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/11 21:17:56 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\mozilla firefox\firefox.exe" [2011/11/11 21:17:59 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/11/11 21:17:59 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\mozilla firefox\firefox.exe" -safe-mode [2011/11/11 21:17:59 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/27 23:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/27 23:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/27 23:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/28 01:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\internet explorer\iexplore.exe" [2011/05/28 01:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)
< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/11 21:17:56 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/11 21:17:56 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/11 21:17:56 | 000,713,560 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\mozilla firefox\firefox.exe" [2011/11/11 21:17:59 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/11/11 21:17:59 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\mozilla firefox\firefox.exe" -safe-mode [2011/11/11 21:17:59 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/27 23:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/27 23:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/27 23:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/28 01:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\internet explorer\iexplore.exe" [2011/05/28 01:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)
< %Temp%\smtmp\1\*.* >
[2006/11/02 07:56:50 | 000,001,677 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\1\Default Programs.lnk
[2009/11/05 21:20:58 | 000,000,442 | -HS- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\1\desktop.ini
[2011/03/22 10:12:17 | 000,001,148 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\1\HP Solution Center.lnk
[2008/09/21 19:58:14 | 000,001,992 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\1\New Office Document.lnk
[2008/09/21 19:58:14 | 000,002,002 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\1\Open Office Document.lnk
[2009/11/05 21:20:58 | 000,001,617 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\1\Windows Update.lnk
< %Temp%\smtmp\2\*.* >
[2010/05/16 20:06:17 | 000,001,720 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\2\AIM.lnk
[2009/03/27 14:56:23 | 000,000,286 | -HS- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\2\desktop.ini
[2011/04/16 14:34:01 | 000,001,034 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\2\FrostWire 4.21.5.lnk
[2009/02/20 16:00:29 | 000,001,955 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\2\Google Chrome.lnk
[2009/03/27 14:56:23 | 000,000,943 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\2\Launch Internet Explorer Browser.lnk
[2011/02/02 15:20:25 | 000,002,619 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\2\Microsoft Outlook 2010.lnk
[2011/02/02 13:14:40 | 000,000,936 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\2\Microsoft Outlook.lnk
[2010/01/09 11:55:25 | 000,001,748 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\2\Mozilla Firefox.lnk
[2010/02/27 17:59:37 | 000,000,923 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\2\Picasa 3.lnk
[2010/06/22 16:16:12 | 000,001,719 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\2\Play iWin Games.lnk
[2008/01/20 21:42:47 | 000,000,258 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\2\Shows Desktop.lnk
[2010/01/17 19:58:31 | 000,002,048 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\2\SolidWorks eDrawings 2010.lnk
[2008/01/20 21:42:47 | 000,000,240 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\2\Window Switcher.lnk
[2008/09/19 09:33:59 | 000,000,938 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\2\Windows Media Player.lnk
< %Temp%\smtmp\3\*.* >
< %Temp%\smtmp\4\*.* >
[2009/02/16 19:13:40 | 000,000,874 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\4\
[2010/12/21 21:00:00 | 000,001,892 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\4\Adobe Reader X.lnk
[2011/02/01 21:09:35 | 000,001,938 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\4\Age of Empires III.lnk
[2010/05/16 20:06:17 | 000,001,696 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\4\AIM.lnk
[2008/01/20 21:43:21 | 000,000,174 | -HS- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\4\desktop.ini
[2008/02/27 03:13:27 | 000,002,055 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\4\eBay.lnk
[2011/05/15 17:00:10 | 000,001,971 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\4\Google Chrome.lnk
[2009/05/18 10:49:22 | 000,001,976 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\4\Google Earth.lnk
[2009/07/06 15:02:24 | 000,001,120 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\4\HP Network UserGuide.lnk
[2011/03/22 10:17:27 | 000,002,016 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\4\HP Photosmart Essential 2.5.lnk
[2011/03/22 10:12:17 | 000,001,142 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\4\HP Solution Center.lnk
[2009/07/25 18:20:03 | 000,001,804 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\4\iTunes.lnk
[2011/01/27 17:47:36 | 000,000,933 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\4\Launch Empire Earth II.lnk
[2011/01/20 15:38:05 | 000,000,906 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\4\Malwarebytes' Anti-Malware.lnk
[2010/02/15 17:27:11 | 000,001,895 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\4\Nikon Transfer.lnk
[2010/02/27 17:59:37 | 000,000,899 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\4\Picasa 3.lnk
[2009/07/25 18:16:52 | 000,001,726 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\4\QuickTime Player.lnk
[2011/03/22 10:15:46 | 000,002,060 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\4\Shop for HP Supplies.lnk
[2009/02/23 08:18:49 | 000,000,902 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\4\SUPERAntiSpyware Free Edition.lnk
[2010/01/10 12:38:37 | 000,001,826 | ---- | M] () -- C:\Users\Judi\AppData\Local\Temp\smtmp\4\ViewNX.lnk
< C:\Windows\assembly\tmp\U\*.* /s >
========== Alternate Data Streams ==========
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:9756362E
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:527D9577
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E6B1AD87
< End of report >
OTL Extras logfile created on: 12/4/2011 2:39:18 PM - Run 1
OTL by OldTimer - Version Folder = C:\Users\Judi\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1013.27 Mb Total Physical Memory | 260.67 Mb Available Physical Memory | 25.73% Memory free
2.24 Gb Paging File | 1.39 Gb Available in Paging File | 62.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.60 Gb Total Space | 54.27 Gb Free Space | 39.44% Space Free | Partition Type: NTFS
Drive D: | 11.44 Gb Total Space | 1.98 Gb Free Space | 17.30% Space Free | Partition Type: NTFS
Computer Name: JUDI-PC | User Name: Judi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
"EnableFirewall" = 1
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
========== Vista Active Open Ports Exception List ==========
"{0A68A8EE-0019-4D23-8F55-9A7481879250}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{16B20871-9E24-4A68-9458-E723ADB7526A}" = rport=139 | protocol=6 | dir=out | app=system |
"{19B39881-9CE5-4BA6-B45D-854F0F4766D5}" = lport=139 | protocol=6 | dir=in | app=system |
"{1C821130-6DF9-4D7A-AB6B-4D5852E0F305}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{20E270D7-9805-432E-892D-F37CF159F7E8}" = lport=445 | protocol=6 | dir=in | app=system |
"{2D1B6C93-2875-4C7C-8418-C078C8459826}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5465ECE4-0FBD-4335-9697-FBA1B914BC0B}" = rport=138 | protocol=17 | dir=out | app=system |
"{6BD76CEF-399C-4E19-B045-65A1627019CB}" = rport=137 | protocol=17 | dir=out | app=system |
"{6ED972D0-B57E-43FD-9B02-B3453B6F3EED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{845AD58C-C5B5-4EE3-968C-935381FE4DA7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{8F14DC1F-7887-437B-BB04-4D34E45C5B26}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8FAD5ED0-08AF-48CB-8975-F71465574F1C}" = lport=137 | protocol=17 | dir=in | app=system |
"{927DC578-C0A0-4D34-88E8-61BF22743044}" = lport=138 | protocol=17 | dir=in | app=system |
"{A41D6053-91B3-4769-A570-E28444DD2062}" = rport=445 | protocol=6 | dir=out | app=system |
"{B251C47B-C28F-4F71-8509-9BBEBEC58FA7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B2C505D6-398E-4D59-AE97-6EA6B5365DEF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{BC08322D-4544-4289-8AF4-97983327C435}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{CB5F6781-7E31-4024-A7D4-5D75D243AAA1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E9B78337-0129-403B-99A5-296D0C9076FB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
"{01CA4C70-B84A-412A-A500-A0FEE55BAFDA}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{0232AD59-DE3A-47A3-8E1B-256DAFAEFC6A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{07F0ED00-9FD9-4691-ACF1-14513B50A265}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{09EF94DC-ACB8-4E2D-B74E-8A2BD7C9154D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{0A25669B-936E-4F20-9BFA-E0FFF830853E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{152A25A7-DCB2-4DE9-8C34-5C9FCC4F3497}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{15A657B5-8703-4891-A262-64C4E7CA93E3}" = protocol=1 | dir=out | [email protected],-28544 |
"{16F36307-CE4F-4E4E-A8F4-2FE587539BA6}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{17F1E7AB-035D-4081-9328-6293DBE5323E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{23E60D1A-52D3-4C7D-A506-DCE9F346CC88}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{28B474EF-0FA8-4296-BB31-A2362D86100F}" = protocol=17 | dir=in | app=c:\program files\iwin games\iwingames.exe |
"{2A1A24FA-B14A-4329-987E-390D55A05FCC}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{3041D4FC-35C3-4BF7-B3B1-A7871F74FCB6}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{30581050-0D22-4D6D-AB9C-A74AFD8D9DD8}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{30C10A91-D424-4549-B028-979E4FC64F9E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{349B2DDF-2BDB-4EFF-AE2A-FE27A264BDE4}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{3AD44A71-CDC3-4A22-A470-4E7BCC1D05D5}" = protocol=17 | dir=in | app=c:\program files\iwin games\webupdater.exe |
"{3B6E26D0-2F65-4FED-824C-2F2D429DE26A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe |
"{3CDDD4A1-9AA0-45B8-BB84-F0DBECC1AA3A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{3F077109-7104-42A7-8BF2-5BA0A4DEA322}" = protocol=1 | dir=in | [email protected],-28543 |
"{49C9E203-1BEA-41F1-A825-B26972FB5C6F}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{4A6E55CD-B6AA-4839-AD7F-659F20815BA7}" = protocol=6 | dir=in | app=c:\program files\iwin games\iwingames.exe |
"{4C866DC2-4510-4FD1-A713-B6FAE6AAD21A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqscnvw.exe |
"{56E41EBC-70A0-4867-9B7F-36A7734A79F4}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{5AB82E45-CC2E-4502-8C86-FE15EDFFCDDF}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{5DC14199-54CE-440A-93F4-32F668226359}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{5E66FD85-E4DD-4282-A960-63A599574477}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{628EC09F-85A9-4487-BCE0-E5DA7AF2F617}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{6ED39912-D7EB-4137-8F03-B632A99EFB5F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{70C37D40-BB13-4C3F-9637-F9C08D8EBAED}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{86DADD6B-7277-46E4-940C-8B6714F583C5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{8ED27821-A444-4080-94E7-32538E5E3A8C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{90EBE8FA-76F4-43F7-9817-89DBA3A40544}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{925BE10D-D363-4B35-A812-A4FAD5896858}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{93CF75C1-A443-4F97-A655-A936B5F92F94}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{94D841C6-968B-431F-A350-4E37064FDD82}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9CB7BC27-5DC8-49AC-9E7D-051BC398550C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{9D6B7519-1520-48FB-AF26-18D4E4DDEB8C}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{A552A28E-449F-4B3A-BC15-EA9FCACD2BE7}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{A6C67A56-6BDE-4920-B7E4-137A47FD7E1A}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{ACE5CEDE-D891-4CD4-BA32-444201198A1B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{AF95D693-253E-406C-8BEF-7D044BBF5A9D}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{B3CF36D9-405C-4A85-A083-EAD92E2B16C1}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{BD787FF4-B355-4F00-BB0F-2A1A3F495BAC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{BE180A32-916D-48EB-A2D2-42B0EAEE1CA2}" = protocol=6 | dir=in | app=c:\program files\iwin games\webupdater.exe |
"{C4F5FA4A-21F2-49A6-9021-0707B0DBDFEB}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C901998C-995E-497B-899C-FA13296C8F58}" = protocol=58 | dir=in | [email protected],-28545 |
"{CB781471-A375-4ABD-9F4B-16E061E33790}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{CB8E5433-1536-41EA-9D39-63612E2C6842}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CF0E1DE1-5D6F-4C33-A872-778A74293FC2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{DC8556BE-7202-420F-B169-40E21FAF90A1}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{E40BA351-46F5-44EB-82BD-1BAAEB88E85B}" = protocol=58 | dir=out | [email protected],-28546 |
"{E49E3540-E71B-4A03-96D0-7182CD249372}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E83F1C2F-28F6-46CE-BC8C-43C0631DAE65}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{EB996068-8A0F-465E-9A5A-ACF1893AD049}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{EFE8B2AF-27AD-456E-852C-B694AECD50CF}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{F2AB4E70-A570-4325-A163-5142B80A25DA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{F43E0400-5957-4953-8EB3-AE7233FD5DE0}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{F927F2ED-BB57-4640-A390-ADC83FAB4031}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{FF84206D-A7F7-4240-9E14-722399D64F46}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"TCP Query User{165D761C-2B3D-4B75-B9FC-0963BD1DB94F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{3EE184F3-7FD9-463C-A440-B8EF60AE66BB}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{E80A7CDB-FA8B-4C40-B68F-59BDC1A5BA56}C:\program files\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"UDP Query User{27A43C4A-2142-4E86-BF54-AF76BE4C665B}C:\program files\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"UDP Query User{5299C907-301D-4260-97E6-B2B08BB44557}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{DD5854BD-D698-4852-8F04-6499FEE4A3E6}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java 6 Update 23
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{31494504-40DF-4290-872D-E3824745E8A1}}_is1" = Tile Mosaic Maker Trial V8.32
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 B2
"{366E24C6-9097-4F63-BF42-3F3EF356A960}" = Photosynth 2.0.1519.16
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{53CDAAAB-6D41-4A36-BAA4-90261DE31B13}" = NetZero For Cosmi
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" =
"{78A974B6-F864-41AE-9F5A-0AAF7D40E884}" = PrintMaster 16
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113772953}" = Amazing Adventures The Lost Tomb
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118392197}" = Pacman
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118469257}" = Hidden Identity Chicago Blackout
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11852670}" = Chicken Invaders 3 Easter
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119692777}" = Cake Mania - To the Max
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-510005350}" = Hobby Farm
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B041ABD7-4A10-482a-A525-577A7AAD8EC7}" = C6200_Help
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = Panorama Maker
"{D7358B07-4F10-4014-9869-7999578BE8ED}" = HP User Guides 0093
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DF315348-721C-40B8-BAE2-58C6C7D935A2}" = Empire Earth II
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E1E502E2-C006-49DB-9C0C-F2196E51826F}_is1" = Rootkit Unhooker LE 3.8 SR 2
"{E1FD657F-C29E-4FED-A4FB-1199E22AE33E}" = UltraFast
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EA9AAB32-160B-4FC1-AF18-71F11257C574}" = SolidWorks eDrawings 2010
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{FDDDD898-725F-498E-8582-938326066177}" = HP Battery Check
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AIM_7" = AIM 7
"Ask Toolbar_is1" = Ask Toolbar
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"BFGC" = Big Fish Games: Game Manager
"BFG-Chocolatier - Decadence by Design" = Chocolatier: Decadence by Design
"Chainz 2" = Chainz 2 (remove only)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" =
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Doggie Dash" = Doggie Dash
"ESET Online Scanner" = ESET Online Scanner v3
"FrostWire" = FrostWire 4.21.5
"GamesBar" = GamesBar
"Glass Eye 2000" = Glass Eye 2000
"Gogii 4-Pack1.0" = Gogii 4-Pack
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Battery Check" = HP Battery Check
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"iWinArcade" = iWin Games (remove only)
"Mah Jong Quest" = Mah Jong Quest (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"Mysteryville 2" = Mysteryville 2 (remove only)
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Peggle Deluxe 1.0" = Peggle Deluxe 1.0
"Picasa 3" = Picasa 3
"Shockwave" = Shockwave
"Shop for HP Supplies" = Shop for HP Supplies
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"TomTom HOME" = TomTom HOME
"TranslatorBar_1 Toolbar" = TranslatorBar_1 Toolbar
"TVWiz" = Intel® TV Wizard
"Ultimate Mahjongg 15" = Ultimate Mahjongg 15
"Ultimate Solitaire 750" = Ultimate Solitaire 750
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WildTangent hp Master Uninstall" = My HP Games
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"Zynga Toolbar" = Zynga Toolbar
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 12/1/2011 6:13:50 PM | Computer Name = Judi-PC | Source = EventSystem | ID = 4609
Description =
Error - 12/1/2011 6:14:00 PM | Computer Name = Judi-PC | Source = WinMgmt | ID = 10
Description =
Error - 12/1/2011 7:59:56 PM | Computer Name = Judi-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.19088, time stamp
0x4de07b1b, faulting module unknown, version, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x01c0d426, process id 0xc3c, application start time
Error - 12/1/2011 8:49:57 PM | Computer Name = Judi-PC | Source = System Restore | ID = 8193
Description =
Error - 12/1/2011 8:50:03 PM | Computer Name = Judi-PC | Source = System Restore | ID = 8193
Description =
Error - 12/3/2011 7:37:15 PM | Computer Name = Judi-PC | Source = EventSystem | ID = 4609
Description =
Error - 12/3/2011 7:37:26 PM | Computer Name = Judi-PC | Source = WinMgmt | ID = 10
Description =
Error - 12/3/2011 7:57:18 PM | Computer Name = Judi-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp
0x4907e242, faulting module ShellvRTF.dll, version, time stamp 0x46d83e7c,
exception code 0xc0000005, fault offset 0x000057ab, process id 0x620, application
start time 0x01ccb21477901aff.
Error - 12/3/2011 7:57:31 PM | Computer Name = Judi-PC | Source = EventSystem | ID = 4609
Description =
Error - 12/4/2011 3:42:30 PM | Computer Name = Judi-PC | Source = System Restore | ID = 8193
Description =
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
aswMBR version Copyright© 2011 AVAST Software
Run date: 2011-12-04 17:19:42
17:19:42.124 OS Version: Windows 6.0.6001 Service Pack 1
17:19:42.124 Number of processors: 2 586 0xF0D
17:19:42.124 ComputerName: JUDI-PC UserName: Judi
17:21:30.965 Initialize success
17:22:35.487 AVAST engine defs: 11120401
17:23:22.068 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
17:23:22.068 Disk 0 Vendor: ST916082 3.BH Size: 152627MB BusType: 3
17:23:22.193 Disk 0 MBR read successfully
17:23:22.193 Disk 0 MBR scan
17:23:24.128 Disk 0 unknown MBR code
17:23:24.174 Disk 0 scanning sectors +312576705
17:23:24.377 Disk 0 scanning C:\Windows\system32\drivers
17:23:42.192 File: C:\Windows\system32\drivers\dfsc.sys **INFECTED** Win32:Alureon-AOK [Rtk]
17:27:03.838 Service scanning
17:27:29.141 Modules scanning
17:28:07.533 Module: C:\Windows\System32\Drivers\dfsc.sys **SUSPICIOUS**
17:28:27.938 Disk 0 trace - called modules:
17:28:28.000 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8c300f10]<<
17:28:28.702 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a70220]
17:28:28.718 3 CLASSPNP.SYS[871a1745] -> nt!IofCallDriver -> [0x8c28bcb8]
17:28:28.718 \Driver\00001082[0x8c28bdf0] -> IRP_MJ_CREATE -> 0x8c300f10
17:29:07.811 AVAST engine scan C:\Windows
17:29:25.455 AVAST engine scan C:\Windows\system32
17:29:26.328 File: C:\Windows\system32\ **INFECTED** Win32:Zbot-NUQ [Trj]
17:34:53.235 AVAST engine scan C:\Windows\system32\drivers
17:34:58.355 File: C:\Windows\system32\drivers\dfsc.sys **INFECTED** Win32:Alureon-AOK [Rtk]
17:35:44.219 AVAST engine scan C:\Users\Judi
17:52:17.992 File: C:\Users\Judi\AppData\Local\temp\0.5877803652428584gtye.exe **INFECTED** Win32:FakeAlert-BNL [Trj]
17:56:33.645 File: C:\Users\Judi\AppData\Local\temp\eyoiwuwfqb **INFECTED** Win32:FakeAlert-BNB [Trj]
18:00:16.666 File: C:\Users\Judi\AppData\Local\ugd.exe **INFECTED** Win32:FakeAlert-BNL [Trj]
18:01:59.975 Disk 0 MBR has been saved successfully to "C:\Users\Judi\Desktop\MBR.dat"
18:02:00.131 The log file has been saved successfully to "C:\Users\Judi\Desktop\aswMBR.txt"
18:12:24.810 AVAST engine scan C:\ProgramData
18:12:27.040 File: C:\ProgramData\ahY2dAji.exe **INFECTED** Win32:Malware-gen
18:18:47.004 Scan finished successfully
18:24:13.044 Disk 0 MBR has been saved successfully to "C:\Users\Judi\Desktop\MBR.dat"
18:24:13.059 The log file has been saved successfully to "C:\Users\Judi\Desktop\aswMBR.txt"
DiskManagement Screen Shot:
Won't let me paste a screen shot for some reason, wouldn't let me attach a word file, so it is attached as a .pdf
Attached Files
Posted 07 December 2011 - 03:09 PM
Step 1
Please uninstall the following programs via Control Panel > Add/Remove Programs (if present):
I recommend you remove your P2P program, FrostWire. They are bad because shared files can contain security risks such as viruses, spyware and other unwanted software. The files distributed on these sites are packed with malware and are distributed all over the internet. You don't know where they have been, someone could have infected the files with malware.
Viewpoint is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything "bad". I recommend you uninstall your Viewpoint product but it is your choice.
This may change, read Viewpoint to Plunge Into Adware.
Step 2
Run OTL.
Step 3
Download the latest version of TDSSKiller from here and save it to your Desktop.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
Things I want to see in your next reply
Step 1
Please uninstall the following programs via Control Panel > Add/Remove Programs (if present):
- Ask Toolbar
- Chainz 2 (remove only)
- FrostWire 4.21.5
- GamesBar
- TranslatorBar_1 Toolbar
- Viewpoint Media Player
- Zynga Toolbar
I recommend you remove your P2P program, FrostWire. They are bad because shared files can contain security risks such as viruses, spyware and other unwanted software. The files distributed on these sites are packed with malware and are distributed all over the internet. You don't know where they have been, someone could have infected the files with malware.
Viewpoint is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything "bad". I recommend you uninstall your Viewpoint product but it is your choice.
This may change, read Viewpoint to Plunge Into Adware.
Step 2
Run OTL.
- Under the Custom Scans/Fixes box at the bottom, paste in the following:
:OTL IE - HKLM\..\URLSearchHook: {00bf7b9c-acd2-4080-bea8-b1c41987070f} - C:\Program Files\TranslatorBar_1\tbTran.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.) IE - HKU\S-1-5-21-190886887-1494488958-1657312369-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 FF - prefs.js..extensions.enabledItems: [email protected]: FF - prefs.js..extensions.enabledItems: {afe43e80-0abc-4df2-81a0-3fe44b74abe8}:1.300.346 FF - 4 FF - HKLM\Software\MozillaPlugins\ C:\Program Files\Common Files\Oberon Media\NCAdapter\\npapicomadapter.dll (Oberon-Media ) [2010/11/29 01:18:18 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Judi\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2011/10/25 09:21:40 | 000,000,000 | ---D | M] (Oberon GamesBar) -- C:\Users\Judi\AppData\Roaming\Mozilla\Firefox\Profiles\2nawkxyv.default\extensions\[email protected] () (No name found) -- C:\USERS\JUDI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2NAWKXYV.DEFAULT\EXTENSIONS\{AFE43E80-0ABC-4DF2-81A0-3FE44B74ABE8}.XPI [2010/11/25 12:09:47 | 000,002,064 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bingober248823419.xml [2011/01/18 22:01:25 | 000,002,064 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bingober31269246.xml [2011/06/07 18:13:08 | 000,002,064 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bingober56812990.xml O2 - BHO: (TranslatorBar 1 Toolbar) - {00bf7b9c-acd2-4080-bea8-b1c41987070f} - C:\Program Files\TranslatorBar_1\tbTran.dll (Conduit Ltd.) O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll ( O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.) O2 - BHO: (GamesBarBHO Class) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files\GamesBar\\oberontb.dll (Oberon Media Ltd.) O3 - HKLM\..\Toolbar: (TranslatorBar 1 Toolbar) - {00bf7b9c-acd2-4080-bea8-b1c41987070f} - C:\Program Files\TranslatorBar_1\tbTran.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll ( O3 - HKLM\..\Toolbar: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\\oberontb.dll (Oberon Media Ltd.) O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-190886887-1494488958-1657312369-1000\..\Toolbar\WebBrowser: (TranslatorBar 1 Toolbar) - {00BF7B9C-ACD2-4080-BEA8-B1C41987070F} - C:\Program Files\TranslatorBar_1\tbTran.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-190886887-1494488958-1657312369-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll ( O3 - HKU\S-1-5-21-190886887-1494488958-1657312369-1000\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\tbZyng.dll (Conduit Ltd.) O4 - HKU\S-1-5-21-190886887-1494488958-1657312369-1000..\Run: [SearchEngineProtection] C:\Program Files\GamesBar\SearchEngineProtection.exe (Oberon Media ) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-190886887-1494488958-1657312369-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found [2011/12/01 17:23:23 | 000,032,256 | ---- | C] (TWX Corp.) -- C:\Windows\System32\ [2011/11/30 19:40:14 | 000,297,472 | ---- | C] (Microsoft Corporation) -- C:\Users\Judi\AppData\Local\ugd.exe [2011/11/04 19:27:04 | 000,000,000 | ---D | C] -- C:\Users\Judi\AppData\Local\userNetTask [2011/12/04 13:42:53 | 000,010,728 | --S- | M] () -- C:\Users\Judi\AppData\Local\hlpfte0f0hwv6uin8hej0m504y3u [2011/12/04 13:42:53 | 000,010,728 | --S- | M] () -- C:\ProgramData\hlpfte0f0hwv6uin8hej0m504y3u [2011/12/01 17:37:35 | 000,000,112 | ---- | M] () -- C:\ProgramData\s831KJO25.dat [2011/12/01 17:32:26 | 000,000,000 | ---- | M] () -- C:\ProgramData\ahY2dAji.exe.b [2011/12/01 17:31:58 | 000,116,224 | ---- | M] () -- C:\ProgramData\ahY2dAji.exe [2011/05/26 11:00:11 | 000,000,120 | ---- | C] () -- C:\Users\Judi\AppData\Local\Tsavucefuheli.dat [2011/05/26 11:00:11 | 000,000,000 | ---- | C] () -- C:\Users\Judi\AppData\Local\Tsarubesidacibi.bin [2011/05/25 21:23:05 | 000,000,168 | -H-- | C] () -- C:\ProgramData\~43441912r [2011/05/25 21:23:05 | 000,000,144 | -H-- | C] () -- C:\ProgramData\~43441912 [2011/05/25 21:22:13 | 000,000,400 | ---- | C] () -- C:\ProgramData\43441912 [2011/06/12 12:50:49 | 000,000,000 | ---D | M] -- C:\Users\Judi\AppData\Roaming\Oberon Media @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:9756362E @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:527D9577 @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:E36F5B57 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E6B1AD87 [1 C:\Users\Judi\Documents\*.tmp files -> C:\Users\Judi\Documents\*.tmp -> ] :Reg [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring"=- :Files C:\Users\Judi\AppData\Local\temp\0.5877803652428584gtye.exe C:\Users\Judi\AppData\Local\temp\eyoiwuwfqb ipconfig /flushdns /c xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C :Commands [purity] [resethosts] [EMPTYFLASH] [CREATERESTOREPOINT] [Reboot]
- Then click the Run Fix button at the top.
- Let the program run unhindered, reboot the PC when it is done.
- Post the log that appears upon reboot in your next reply.
- Open OTL again and select the "Scan All Users" box.
- Click the Quick Scan button. Post the log it produces in your next reply.
Step 3
Download the latest version of TDSSKiller from here and save it to your Desktop.
- Double-click on TDSSKiller.exe to run the application, then click on Change Parameters.
- Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
- Click the Start Scan button.
- If a suspicious object is detected, the default action will be Skip, click on Continue.
- If malicious objects are found, they will show in the Scan results and offer 3 options.
- Ensure Cure is selected, then click Continue --> Reboot Computer to finish the cleaning process.
- Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
Things I want to see in your next reply
- OTL Fix Log
- OTL.txt
- TDSSKiller.[Version]_[Date]_[Time]_log.txt
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users