Partially removed System Check Virus Win 7, no Internet or safe mode

Discussion in 'Virus and Malware Removal' started by Joyfulldreams, Jan 5, 2012.

  1. Joyfulldreams Newcomer, in training Posts: 44

    Alright, ComboFix is taking too long again. It's been over an hour now and no change.

    Do you think I should try it one more time? I may have accidentally clicked it or done something to stall it.
  2. Broni Malware Annihilator Posts: 39,425   +177

    Delete your Combofix file, download a fresh one and run it from safe mode.
  3. Joyfulldreams Newcomer, in training Posts: 44

    Still can't boot into safe mode. The Win32 files scroll down the screen, computer freezes for about 2 minutes, then reboots by itself.
  4. Broni Malware Annihilator Posts: 39,425   +177

    Download SafeBootKeyRepair by sUBs and save it to your desktop.
    Double-click SafeBootKeyRepair.exe to run it.
    Follow any prompts that may appear then post the log it produces.
  5. Joyfulldreams Newcomer, in training Posts: 44

    It says that version won't run with my OS; it's only for Win 2000 or XP. I have Win 7.
  6. Broni Malware Annihilator Posts: 39,425   +177

    It shouldn't matter.

    Try to run new Combofix from normal mode.
    If nothing happens or it's stuck after 30 minutes...

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  7. Joyfulldreams Newcomer, in training Posts: 44

    About the safeboot key thing, it tells me to press any key to continue, and I do, but then the prompt just disappears and nothing happens.

    Ignore it and try Combofix again?
  8. Broni Malware Annihilator Posts: 39,425   +177

    See if you can restart in safe mode now.
  9. Joyfulldreams Newcomer, in training Posts: 44

    Hey! It worked! Woohoo!

    Trying ComboFix again now.
  10. Broni Malware Annihilator Posts: 39,425   +177

    Cool :)............
  11. Joyfulldreams Newcomer, in training Posts: 44

    Tried doing ComboFix, didn't work so I ran OTL. Here are the logs:

    OTL:


    OTL logfile created on: 1/6/2012 8:48:58 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Rebecca\Desktop
    Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.93 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 72.69% Memory free
    5.87 Gb Paging File | 5.22 Gb Available in Paging File | 88.93% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 187.67 Gb Total Space | 18.57 Gb Free Space | 9.90% Space Free | Partition Type: NTFS
    Drive D: | 30.25 Gb Total Space | 29.54 Gb Free Space | 97.65% Space Free | Partition Type: NTFS
    Drive F: | 3.61 Gb Total Space | 3.21 Gb Free Space | 89.04% Space Free | Partition Type: FAT32

    Computer Name: REBECCA-PC | User Name: Rebecca | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/01/06 20:47:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Rebecca\Desktop\OTL.exe
    PRC - [2011/11/22 15:45:32 | 000,161,336 | ---- | M] (Google) -- C:\Users\Rebecca\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    PRC - [2011/02/25 21:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/10/29 06:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2009/10/29 06:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
    PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/01/05 21:21:19 | 000,053,248 | ---- | M] () -- C:\Users\Rebecca\AppData\Local\Temp\catchme.dll
    MOD - [2011/12/07 03:16:28 | 000,411,192 | ---- | M] () -- C:\Users\Rebecca\AppData\Local\Google\Chrome\Application\16.0.912.63\ppgooglenaclpluginchrome.dll
    MOD - [2011/12/07 03:16:27 | 003,767,864 | ---- | M] () -- C:\Users\Rebecca\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
    MOD - [2011/12/07 03:14:56 | 000,122,952 | ---- | M] () -- C:\Users\Rebecca\AppData\Local\Google\Chrome\Application\16.0.912.63\avutil-51.dll
    MOD - [2011/12/07 03:14:55 | 000,222,280 | ---- | M] () -- C:\Users\Rebecca\AppData\Local\Google\Chrome\Application\16.0.912.63\avformat-53.dll
    MOD - [2011/12/07 03:14:53 | 001,746,504 | ---- | M] () -- C:\Users\Rebecca\AppData\Local\Google\Chrome\Application\16.0.912.63\avcodec-53.dll
    MOD - [2011/12/06 23:22:33 | 008,593,056 | ---- | M] () -- C:\Users\Rebecca\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/09/19 02:31:10 | 002,221,200 | ---- | M] (Giraffic) [Auto | Stopped] -- C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
    SRV - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2010/07/23 08:31:54 | 000,163,680 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Stopped] -- C:\Program Files\DDNI\DIBS\DDNIService.exe -- (DDNIService)
    SRV - [2010/07/20 10:04:24 | 000,171,872 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Stopped] -- C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe -- (DDNIMSGService)
    SRV - [2010/05/20 14:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
    SRV - [2010/04/09 17:57:57 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2010/02/14 08:01:06 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/11/04 16:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
    SRV - [2009/11/04 15:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
    SRV - [2009/10/29 06:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
    SRV - [2009/10/28 11:50:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
    SRV - [2009/09/22 10:16:32 | 000,579,400 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
    SRV - [2009/08/14 06:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
    SRV - [2009/07/14 06:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
    SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\windows\System32\IgrsSvcs.exe -- (ReadyComm.DirectRouter)
    SRV - [2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\System32\IgrsSvcs.exe -- (PS_MDP)
    SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
    SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
    SRV - [2009/06/18 11:59:48 | 001,349,912 | ---- | M] (Diskeeper Corporation) [Auto | Stopped] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
    SRV - [2009/06/04 11:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
    SRV - [2008/01/11 09:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
    SRV - [2007/09/07 10:40:04 | 001,373,480 | ---- | M] (Wacom Technology, Corp.) [Auto | Stopped] -- C:\Windows\System32\Wacom_Tablet.exe -- (TabletServiceWacom)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2010/05/20 14:27:26 | 001,961,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX3000.sys -- (VX3000)
    DRV - [2009/12/09 17:44:31 | 000,054,800 | ---- | M] () [Kernel | System | Stopped] -- C:\windows\System32\drivers\funfrm.sys -- (funfrm)
    DRV - [2009/11/04 16:54:12 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2009/11/04 16:54:12 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2009/11/04 16:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
    DRV - [2009/11/04 16:54:12 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2009/11/04 16:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
    DRV - [2009/09/14 10:04:28 | 000,217,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2009/07/28 13:09:36 | 000,063,240 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdbridge.sys -- (Bridge0)
    DRV - [2009/07/21 13:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd)
    DRV - [2009/07/16 04:37:14 | 000,011,792 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WDMirror.sys -- (wdmirror)
    DRV - [2009/07/13 15:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
    DRV - [2009/07/13 15:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2009/07/13 14:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
    DRV - [2009/07/13 14:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
    DRV - [2009/06/19 08:18:26 | 000,168,704 | ---- | M] (SMI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SMIksdrv.sys -- (usbsmi)
    DRV - [2009/06/14 18:46:22 | 000,475,648 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
    DRV - [2009/05/19 05:43:08 | 000,021,520 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
    DRV - [2009/04/09 06:23:02 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
    DRV - [2008/08/06 04:34:16 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2007/02/16 11:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
    DRV - [2007/02/16 10:30:12 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
    DRV - [2007/02/15 16:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVKHid.sys -- (WacomVKHid)
    DRV - [2006/11/10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
    DRV - [2005/09/23 21:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = DE 1E C5 02 F7 73 5D 41 96 2D 3E 15 3F 14 EC 52 [binary data]
    IE - HKU\.DEFAULT\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = DE 1E C5 02 F7 73 5D 41 96 2D 3E 15 3F 14 EC 52 [binary data]
    IE - HKU\S-1-5-18\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = DE 1E C5 02 F7 73 5D 41 96 2D 3E 15 3F 14 EC 52 [binary data]

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = DE 1E C5 02 F7 73 5D 41 96 2D 3E 15 3F 14 EC 52 [binary data]

    IE - HKU\S-1-5-21-2313591606-2777530284-2021149797-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startnow.com/?src=startp...b63d&browser=IE&os=win&os_version=6.1-x86-SP0
    IE - HKU\S-1-5-21-2313591606-2777530284-2021149797-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
    IE - HKU\S-1-5-21-2313591606-2777530284-2021149797-1004\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = DE 1E C5 02 F7 73 5D 41 96 2D 3E 15 3F 14 EC 52 [binary data]
    IE - HKU\S-1-5-21-2313591606-2777530284-2021149797-1004\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\S-1-5-21-2313591606-2777530284-2021149797-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2313591606-2777530284-2021149797-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultthis.engineName: "Veoh Web Player Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
    FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.7
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {b8dfb75b-7677-4af9-8bd7-8a59252c07ff}:1.0
    FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.7
    FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.20.00
    FF - prefs.js..extensions.enabledItems: {d0e069e9-5356-44c8-978d-bbded70f2bb8}:1.0
    FF - prefs.js..extensions.enabledItems: {021a4511-3e83-413b-8866-33aea6861b4a}:1.0
    FF - prefs.js..extensions.enabledItems: {dfcc1bf1-a0cf-4ef9-92a2-1f30dda918b5}:1.0
    FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126
    FF - prefs.js..extensions.enabledItems: {4b151e38-c5e9-4a91-9b09-de0251ca8f38}:1.0
    FF - prefs.js..keyword.URL: "http://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z095&partner_id=667&product_id=636&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110722&user_guid=B1D4A0B552094CC9AFC2783D9CA01B2C&machine_id=d8a85fe37134c5c894feb59d264fb63d&browser=FF&os=win&os_version=6.1-x86-SP0&q="

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Rebecca\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Rebecca\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Rebecca\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Rebecca\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/02 16:08:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/09 16:37:25 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/09/19 13:22:02 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/22 15:19:23 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/22 15:19:23 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/02 16:08:28 | 000,000,000 | ---D | M]

    [2010/02/09 04:33:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rebecca\AppData\Roaming\Mozilla\Extensions
    [2011/12/22 14:16:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\1st9cd76.default\extensions
    [2011/09/17 08:58:50 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\1st9cd76.default\extensions\{021a4511-3e83-413b-8866-33aea6861b4a}
    [2011/11/23 17:05:51 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\1st9cd76.default\extensions\{4b151e38-c5e9-4a91-9b09-de0251ca8f38}
    [2010/05/03 16:19:46 | 000,000,000 | ---D | M] (HyperCam Toolbar) -- C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\1st9cd76.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
    [2011/11/18 21:24:10 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\1st9cd76.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
    [2011/06/09 16:35:41 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\1st9cd76.default\extensions\{b8dfb75b-7677-4af9-8bd7-8a59252c07ff}
    [2011/11/18 21:24:10 | 000,000,000 | ---D | M] (Easy YouTube Video Downloader) -- C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\1st9cd76.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
    [2011/09/04 16:54:05 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\1st9cd76.default\extensions\{d0e069e9-5356-44c8-978d-bbded70f2bb8}
    [2011/09/21 16:10:13 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\1st9cd76.default\extensions\{dfcc1bf1-a0cf-4ef9-92a2-1f30dda918b5}
    [2011/08/15 21:30:42 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\1st9cd76.default\extensions\plugin@yontoo.com
    [2011/07/22 13:00:58 | 000,002,259 | ---- | M] () -- C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\1st9cd76.default\searchplugins\bing-zugo.xml
    [2011/03/21 13:46:56 | 000,000,933 | ---- | M] () -- C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\1st9cd76.default\searchplugins\conduit.xml
    [2011/09/01 16:22:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/01/13 07:30:23 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010/06/11 12:37:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/10/27 20:13:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/09/19 13:22:02 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
    [2010/03/02 16:08:28 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
    [2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Rebecca\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Rebecca\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Rebecca\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Rebecca\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Rebecca\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Rebecca\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: Turn Off the Lights = C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.0.0.31_0\
    CHR - Extension: YouTube = C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
    CHR - Extension: Google Search = C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
    CHR - Extension: SiteAdvisor = C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\
    CHR - Extension: Gmail = C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

    O1 HOSTS File: ([2012/01/06 13:25:59 | 000,001,626 | RH-- | M]) - C:\Windows\System32\drivers\etc\hosts
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
    O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-2313591606-2777530284-2021149797-1004\..\Toolbar\WebBrowser: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
    O3 - HKU\S-1-5-21-2313591606-2777530284-2021149797-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
    O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
    O4 - HKLM..\Run: [FtJthnNSvuydIr.exe] C:\ProgramData\FtJthnNSvuydIr.exe File not found
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [IdeaNotesUser] C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe (Digital Delivery Networks, Inc.)
    O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
    O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFace\PManage.exe File not found
    O4 - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
    O4 - HKU\.DEFAULT..\Run: [7968a239e6bfab4.exe] "C:\windows\system32\config\systemprofile\AppData\Local\7968a239e6bfab4.exe" /autorun File not found
    O4 - HKU\.DEFAULT..\Run: [dplaysvr] C:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe File not found
    O4 - HKU\.DEFAULT..\Run: [winupd] C:\windows\TEMP [2012/01/06 19:32:24 | 000,000,000 | -HSD | M]
    O4 - HKU\S-1-5-18..\Run: [7968a239e6bfab4.exe] "C:\windows\system32\config\systemprofile\AppData\Local\7968a239e6bfab4.exe" /autorun File not found
    O4 - HKU\S-1-5-18..\Run: [dplaysvr] C:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe File not found
    O4 - HKU\S-1-5-18..\Run: [winupd] C:\windows\TEMP [2012/01/06 19:32:24 | 000,000,000 | -HSD | M]
    O4 - HKU\S-1-5-21-2313591606-2777530284-2021149797-1004..\Run: [AdobeBridge] File not found
    O4 - HKU\S-1-5-21-2313591606-2777530284-2021149797-1004..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
    O4 - HKU\S-1-5-21-2313591606-2777530284-2021149797-1004..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
    O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\windows\System32\Macromed\Flash\FlashUtil10g_ActiveX.exe (Adobe Systems, Inc.)
    O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\windows\System32\Macromed\Flash\FlashUtil10g_ActiveX.exe (Adobe Systems, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([*] in Local intranet)
    O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([*] in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D84E71A9-7BD1-4626-A699-C1E38AAF846B}: DhcpNameServer = 10.0.0.1
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\klartew: DllName - (C:\windows\system32\config\systemprofile\AppData\Local\klartew.dll) - File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{2141ba1a-1980-11df-95dc-002622df0df5}\Shell - "" = AutoRun
    O33 - MountPoints2\{2141ba1a-1980-11df-95dc-002622df0df5}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O33 - MountPoints2\{66911b57-8849-11df-a8de-002622df0df5}\Shell - "" = AutoRun
    O33 - MountPoints2\{66911b57-8849-11df-a8de-002622df0df5}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O33 - MountPoints2\{88095760-577f-11df-ad63-002622df0df5}\Shell - "" = AutoRun
    O33 - MountPoints2\{88095760-577f-11df-ad63-002622df0df5}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O33 - MountPoints2\{eba91a33-e52b-11de-974a-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{eba91a33-e52b-11de-974a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\reatogoMenu.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKU\S-1-5-21-2313591606-2777530284-2021149797-1004..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = E7] -- "C:\windows\system32\config\systemprofile\AppData\Local\llc.exe" -a "%1" %* ()
    O37 - HKU\.DEFAULT\...exe [@ = E7] -- "C:\windows\system32\config\systemprofile\AppData\Local\llc.exe" -a "%1" %* ()
    O37 - HKU\S-1-5-18\...exe [@ = E7] -- "C:\windows\system32\config\systemprofile\AppData\Local\llc.exe" -a "%1" %* ()
    O37 - HKU\S-1-5-21-2313591606-2777530284-2021149797-1004\...exe [@ = exefile] -- "%1" %*
  12. Joyfulldreams Newcomer, in training Posts: 44

    (CONT...)

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.clmp3enc - C:\Program Files\Lenovo\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\windows\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
    Drivers32: vidc.mjpg - C:\windows\System32\pvmjpg30.dll (Pegasus Imaging Corporation)
    Drivers32: vidc.XVID - C:\windows\System32\xvidvfw.dll ()
    Drivers32: vidc.yv12 - C:\windows\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Error creating restore point.

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/01/06 20:47:25 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Rebecca\Desktop\OTL.exe
    [2012/01/06 19:32:13 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2012/01/06 18:51:34 | 004,373,779 | R--- | C] (Swearware) -- C:\Users\Rebecca\Desktop\ComboFix.exe
    [2012/01/06 13:15:30 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/01/06 10:48:38 | 127,231,689 | ---- | C] (Igor Pavlov) -- C:\Users\Rebecca\Desktop\OTLPENet.exe
    [2012/01/05 21:18:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2012/01/05 21:18:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2012/01/05 21:18:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2012/01/05 21:18:53 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
    [2012/01/05 21:17:08 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/01/05 20:52:46 | 000,000,000 | ---D | C] -- C:\Users\Rebecca\Desktop\bootkit_remover
    [2012/01/05 19:38:00 | 004,704,768 | ---- | C] (AVAST Software) -- C:\Users\Rebecca\Desktop\aswMBR.exe
    [2012/01/05 14:40:30 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Rebecca\Desktop\iexplorer.exe
    [2012/01/05 12:01:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\This thing rocks
    [2012/01/05 10:56:13 | 000,000,000 | ---D | C] -- C:\Users\Rebecca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
    [2011/12/30 07:25:59 | 000,000,000 | ---D | C] -- C:\Users\Rebecca\AppData\Local\HP
    [2011/12/25 09:49:26 | 000,000,000 | ---D | C] -- C:\windows\Sun
    [2011/12/17 15:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
    [2011/12/17 15:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
    [2011/12/17 15:07:48 | 000,000,000 | ---D | C] -- C:\Users\Rebecca\AppData\Local\WMTools Downloaded Files
    [2011/12/17 14:36:15 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker 2.6
    [2010/12/17 20:25:15 | 001,719,336 | ---- | C] (Yugma,Inc. ) -- C:\ProgramData\YugmaSE-Uninstaller.exe
    [3 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]
    [2 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/01/06 20:48:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2012/01/06 20:48:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2012/01/06 20:47:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Rebecca\Desktop\OTL.exe
    [2012/01/06 19:31:53 | 004,373,779 | R--- | M] (Swearware) -- C:\Users\Rebecca\Desktop\ComboFix.exe
    [2012/01/06 19:30:14 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2012/01/06 19:30:09 | 2362,912,768 | -HS- | M] () -- C:\hiberfil.sys
    [2012/01/06 19:05:34 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/01/06 19:05:34 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/01/06 19:02:00 | 000,000,916 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2313591606-2777530284-2021149797-1004UA.job
    [2012/01/06 19:00:07 | 000,000,340 | ---- | M] () -- C:\windows\tasks\At20.job
    [2012/01/06 18:58:15 | 000,000,340 | ---- | M] () -- C:\windows\tasks\At9.job
    [2012/01/06 18:58:15 | 000,000,340 | ---- | M] () -- C:\windows\tasks\At8.job
    [2012/01/06 18:58:15 | 000,000,340 | ---- | M] () -- C:\windows\tasks\At7.job
    [2012/01/06 18:58:15 | 000,000,340 | ---- | M] () -- C:\windows\tasks\At6.job
    [2012/01/06 18:58:15 | 000,000,340 | ---- | M] () -- C:\windows\tasks\At5.job
    [2012/01/06 18:58:15 | 000,000,340 | ---- | M] () -- C:\windows\tasks\At4.job
    [2012/01/06 18:58:15 | 000,000,340 | ---- | M] () -- C:\windows\tasks\At3.job
    [2012/01/06 18:58:15 | 000,000,340 | ---- | M] () -- C:\windows\tasks\At24.job
    [2012/01/06 18:58:15 | 000,000,340 | ---- | M] () -- C:\windows\tasks\At23.job
    [2012/01/06 18:58:15 | 000,000,340 | ---- | M] () -- C:\windows\tasks\At22.job
    [2012/01/06 18:58:15 | 000,000,340 | ---- | M] () -- C:\windows\tasks\At21.job
    [2012/01/06 18:58:15 | 000,000,340 | ---- | M] () -- C:\windows\tasks\At2.job
    [2012/01/06 18:58:15 | 000,000,340 | ---- | M] () -- C:\windows\tasks\At18.job
    [2012/01/06 18:58:15 | 000,000,340 | ---- | M] () -- C:\windows\tasks\At17.job
    [2012/01/06 18:58:15 | 000,000,340 | ---- | M] () -- C:\windows\tasks\At16.job
    [2012/01/06 18:58:15 | 000,000,340 | ---- | M] () -- C:\windows\tasks\At15.job
    [2012/01/06 18:58:15 | 000,000,340 | ---- | M] () -- C:\windows\tasks\At14.job
    [2012/01/06 18:58:15 | 000,000,340 | ---- | M] () -- C:\windows\tasks\At13.job
    [2012/01/06 18:58:15 | 000,000,340 | ---- | M] () -- C:\windows\tasks\At12.job
    [2012/01/06 18:58:15 | 000,000,340 | ---- | M] () -- C:\windows\tasks\At11.job
    [2012/01/06 18:58:15 | 000,000,340 | ---- | M] () -- C:\windows\tasks\At10.job
    [2012/01/06 18:58:15 | 000,000,340 | ---- | M] () -- C:\windows\tasks\At1.job
    [2012/01/06 18:57:33 | 000,003,224 | ---- | M] () -- C:\bootsqm.dat
    [2012/01/06 18:00:25 | 000,000,340 | ---- | M] () -- C:\windows\tasks\At19.job
    [2012/01/06 17:26:23 | 000,000,000 | ---- | M] () -- C:\ProgramData\1j345jBv.exe.b
    [2012/01/06 17:21:21 | 000,000,512 | ---- | M] () -- C:\Users\Rebecca\Desktop\MBR.dat
    [2012/01/06 13:25:59 | 000,001,626 | RH-- | M] () -- C:\windows\System32\drivers\etc\hosts
    [2012/01/06 10:43:58 | 127,231,689 | ---- | M] (Igor Pavlov) -- C:\Users\Rebecca\Desktop\OTLPENet.exe
    [2012/01/06 10:24:48 | 000,004,096 | -H-- | M] () -- C:\Users\Rebecca\Desktop\._OTL(2).exe
    [2012/01/05 23:02:04 | 000,000,864 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2313591606-2777530284-2021149797-1004Core.job
    [2012/01/05 20:50:54 | 000,044,607 | ---- | M] () -- C:\Users\Rebecca\Desktop\bootkit_remover.zip
    [2012/01/05 19:28:06 | 004,704,768 | ---- | M] (AVAST Software) -- C:\Users\Rebecca\Desktop\aswMBR.exe
    [2012/01/05 14:37:22 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Rebecca\Desktop\iexplorer.exe
    [2012/01/05 13:25:16 | 000,702,830 | ---- | M] () -- C:\windows\System32\perfh009.dat
    [2012/01/05 13:25:16 | 000,136,738 | ---- | M] () -- C:\windows\System32\perfc009.dat
    [2012/01/05 12:26:29 | 000,001,095 | ---- | M] () -- C:\Users\Rebecca\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2012/01/05 11:30:14 | 000,000,464 | ---- | M] () -- C:\ProgramData\ERaRwp0N8whcCE
    [2012/01/05 10:56:13 | 000,000,677 | ---- | M] () -- C:\Users\Rebecca\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2012/01/05 09:52:51 | 108,634,424 | ---- | M] () -- C:\windows\MEMORY.DMP
    [2012/01/01 01:01:03 | 000,000,320 | ---- | M] () -- C:\windows\tasks\McQcTask.job
    [2011/12/18 17:04:28 | 000,002,413 | ---- | M] () -- C:\Users\Rebecca\Desktop\Google Chrome.lnk
    [2011/12/17 15:08:03 | 000,006,656 | ---- | M] () -- C:\Users\Rebecca\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/12/15 06:39:14 | 000,000,342 | ---- | M] () -- C:\windows\tasks\McDefragTask.job
    [2011/12/14 03:21:00 | 002,435,064 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
    [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
    [3 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]
    [2 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/01/06 20:48:22 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
    [2012/01/06 20:48:22 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
    [2012/01/06 18:57:33 | 000,003,224 | ---- | C] () -- C:\bootsqm.dat
    [2012/01/06 17:26:25 | 000,000,340 | ---- | C] () -- C:\windows\tasks\At24.job
    [2012/01/06 17:26:25 | 000,000,340 | ---- | C] () -- C:\windows\tasks\At23.job
    [2012/01/06 17:26:25 | 000,000,340 | ---- | C] () -- C:\windows\tasks\At22.job
    [2012/01/06 17:26:25 | 000,000,340 | ---- | C] () -- C:\windows\tasks\At21.job
    [2012/01/06 17:26:25 | 000,000,340 | ---- | C] () -- C:\windows\tasks\At20.job
    [2012/01/06 17:26:24 | 000,000,340 | ---- | C] () -- C:\windows\tasks\At9.job
    [2012/01/06 17:26:24 | 000,000,340 | ---- | C] () -- C:\windows\tasks\At8.job
    [2012/01/06 17:26:24 | 000,000,340 | ---- | C] () -- C:\windows\tasks\At7.job
    [2012/01/06 17:26:24 | 000,000,340 | ---- | C] () -- C:\windows\tasks\At6.job
    [2012/01/06 17:26:24 | 000,000,340 | ---- | C] () -- C:\windows\tasks\At5.job
    [2012/01/06 17:26:24 | 000,000,340 | ---- | C] () -- C:\windows\tasks\At4.job
    [2012/01/06 17:26:24 | 000,000,340 | ---- | C] () -- C:\windows\tasks\At3.job
    [2012/01/06 17:26:24 | 000,000,340 | ---- | C] () -- C:\windows\tasks\At2.job
    [2012/01/06 17:26:24 | 000,000,340 | ---- | C] () -- C:\windows\tasks\At19.job
    [2012/01/06 17:26:24 | 000,000,340 | ---- | C] () -- C:\windows\tasks\At18.job
    [2012/01/06 17:26:24 | 000,000,340 | ---- | C] () -- C:\windows\tasks\At17.job
    [2012/01/06 17:26:24 | 000,000,340 | ---- | C] () -- C:\windows\tasks\At16.job
    [2012/01/06 17:26:24 | 000,000,340 | ---- | C] () -- C:\windows\tasks\At15.job
    [2012/01/06 17:26:24 | 000,000,340 | ---- | C] () -- C:\windows\tasks\At14.job
    [2012/01/06 17:26:24 | 000,000,340 | ---- | C] () -- C:\windows\tasks\At13.job
    [2012/01/06 17:26:24 | 000,000,340 | ---- | C] () -- C:\windows\tasks\At12.job
    [2012/01/06 17:26:24 | 000,000,340 | ---- | C] () -- C:\windows\tasks\At11.job
    [2012/01/06 17:26:24 | 000,000,340 | ---- | C] () -- C:\windows\tasks\At10.job
    [2012/01/06 17:26:23 | 000,111,616 | ---- | C] () -- C:\ProgramData\1j345jBv.exe
    [2012/01/06 17:26:23 | 000,000,340 | ---- | C] () -- C:\windows\tasks\At1.job
    [2012/01/06 17:26:23 | 000,000,000 | ---- | C] () -- C:\ProgramData\1j345jBv.exe.b
    [2012/01/06 17:21:21 | 000,000,512 | ---- | C] () -- C:\Users\Rebecca\Desktop\MBR.dat
    [2012/01/06 10:25:20 | 000,004,096 | -H-- | C] () -- C:\Users\Rebecca\Desktop\._OTL(2).exe
    [2012/01/05 21:18:57 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
    [2012/01/05 21:18:57 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
    [2012/01/05 21:18:57 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2012/01/05 21:18:57 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2012/01/05 21:18:57 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2012/01/05 20:52:39 | 000,044,607 | ---- | C] () -- C:\Users\Rebecca\Desktop\bootkit_remover.zip
    [2012/01/05 12:26:29 | 000,001,095 | ---- | C] () -- C:\Users\Rebecca\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2012/01/05 10:56:13 | 000,000,677 | ---- | C] () -- C:\Users\Rebecca\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2012/01/05 10:56:12 | 000,000,464 | ---- | C] () -- C:\ProgramData\ERaRwp0N8whcCE
    [2012/01/05 09:52:51 | 108,634,424 | ---- | C] () -- C:\windows\MEMORY.DMP
    [2012/01/05 01:26:23 | 000,111,616 | ---- | C] () -- C:\windows\System32\h6v76t3.com
    [2011/11/25 17:27:04 | 000,000,000 | ---- | C] () -- C:\windows\System32\h6v76t3.com.b
    [2011/11/25 17:24:13 | 000,000,112 | ---- | C] () -- C:\ProgramData\YSoO7f1pp.dat
    [2011/11/25 17:24:07 | 000,111,616 | ---- | C] () -- C:\windows\System32\h6v76t3.com_
    [2011/09/11 20:15:23 | 000,000,000 | ---- | C] () -- C:\windows\Shadow.INI
    [2011/08/27 00:47:10 | 000,153,600 | ---- | C] () -- C:\windows\System32\IS_ContextMenu.dll
    [2011/08/16 00:01:07 | 000,758,018 | ---- | C] () -- C:\windows\System32\xvidcore.dll
    [2011/08/16 00:01:07 | 000,180,224 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
    [2011/08/15 23:45:12 | 000,006,656 | ---- | C] () -- C:\Users\Rebecca\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/11/17 15:13:22 | 000,470,160 | ---- | C] () -- C:\windows\hphins26.dat.temp
    [2010/11/17 15:13:22 | 000,000,349 | ---- | C] () -- C:\windows\hphmdl26.dat.temp
    [2010/04/20 17:11:09 | 000,073,220 | ---- | C] () -- C:\windows\System32\EPPICPrinterDB.dat
    [2010/04/20 17:11:09 | 000,031,053 | ---- | C] () -- C:\windows\System32\EPPICPattern131.dat
    [2010/04/20 17:11:09 | 000,029,114 | ---- | C] () -- C:\windows\System32\EPPICPattern1.dat
    [2010/04/20 17:11:09 | 000,027,417 | ---- | C] () -- C:\windows\System32\EPPICPattern121.dat
    [2010/04/20 17:11:09 | 000,021,021 | ---- | C] () -- C:\windows\System32\EPPICPattern3.dat
    [2010/04/20 17:11:09 | 000,015,670 | ---- | C] () -- C:\windows\System32\EPPICPattern5.dat
    [2010/04/20 17:11:09 | 000,013,280 | ---- | C] () -- C:\windows\System32\EPPICPattern2.dat
    [2010/04/20 17:11:09 | 000,010,673 | ---- | C] () -- C:\windows\System32\EPPICPattern4.dat
    [2010/04/20 17:11:09 | 000,004,943 | ---- | C] () -- C:\windows\System32\EPPICPattern6.dat
    [2010/04/20 17:11:09 | 000,001,140 | ---- | C] () -- C:\windows\System32\EPPICPresetData_PT.dat
    [2010/04/20 17:11:09 | 000,001,140 | ---- | C] () -- C:\windows\System32\EPPICPresetData_BP.dat
    [2010/04/20 17:11:09 | 000,001,137 | ---- | C] () -- C:\windows\System32\EPPICPresetData_ES.dat
    [2010/04/20 17:11:09 | 000,001,130 | ---- | C] () -- C:\windows\System32\EPPICPresetData_FR.dat
    [2010/04/20 17:11:09 | 000,001,130 | ---- | C] () -- C:\windows\System32\EPPICPresetData_CF.dat
    [2010/04/20 17:11:09 | 000,001,104 | ---- | C] () -- C:\windows\System32\EPPICPresetData_EN.dat
    [2010/04/20 17:11:09 | 000,000,097 | ---- | C] () -- C:\windows\System32\PICSDK.ini
    [2010/04/20 17:07:44 | 000,065,793 | ---- | C] () -- C:\windows\System32\esfw8b.bin
    [2010/04/20 17:06:55 | 000,000,044 | ---- | C] () -- C:\windows\PERFV30V300.ini
    [2010/03/02 15:37:37 | 000,159,608 | ---- | C] () -- C:\windows\hphins26.dat
    [2010/03/02 15:37:37 | 000,000,349 | ---- | C] () -- C:\windows\hphmdl26.dat
    [2010/02/09 05:29:26 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009/12/09 17:45:13 | 002,110,728 | ---- | C] () -- C:\windows\System32\Apblend.dll
    [2009/12/09 17:45:13 | 001,410,312 | ---- | C] () -- C:\windows\System32\IcnOvrly.dll
    [2009/12/09 17:45:13 | 001,171,456 | ---- | C] () -- C:\windows\System32\PicNotify.dll
    [2009/12/09 17:45:13 | 000,660,744 | ---- | C] () -- C:\windows\System32\EncIcons.dll
    [2009/12/09 17:45:13 | 000,513,288 | ---- | C] () -- C:\windows\System32\SimpleExt.dll
    [2009/12/09 17:45:03 | 001,044,480 | ---- | C] () -- C:\windows\System32\3DImageRenderer.dll
    [2009/12/09 17:44:31 | 000,057,344 | ---- | C] () -- C:\windows\AsfHelper.dll
    [2009/12/09 17:44:31 | 000,054,800 | ---- | C] () -- C:\windows\System32\drivers\funfrm.sys
    [2009/12/09 17:44:19 | 000,163,840 | ---- | C] () -- C:\windows\System32\SM37XCoInst.dll
    [2009/12/09 17:43:01 | 000,140,288 | ---- | C] () -- C:\windows\System32\igfxtvcx.dll
    [2009/12/09 17:38:57 | 000,016,648 | R--- | C] () -- C:\windows\System32\LogAPI.dll
    [2009/12/09 17:37:06 | 000,982,220 | ---- | C] () -- C:\windows\System32\igkrng500.bin
    [2009/12/09 17:37:06 | 000,134,592 | ---- | C] () -- C:\windows\System32\igfcg500.bin
    [2009/12/09 17:37:06 | 000,092,216 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
    [2009/12/09 17:37:05 | 000,439,300 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
    [2009/07/13 20:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
    [2009/07/13 20:33:53 | 002,435,064 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
    [2009/07/13 18:05:48 | 000,702,830 | ---- | C] () -- C:\windows\System32\perfh009.dat
    [2009/07/13 18:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
    [2009/07/13 18:05:48 | 000,136,738 | ---- | C] () -- C:\windows\System32\perfc009.dat
    [2009/07/13 18:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
    [2009/07/13 18:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
    [2009/07/13 18:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
    [2009/07/13 15:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
    [2009/07/13 15:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
    [2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
    [2009/07/13 15:24:44 | 002,614,784 | ---- | C] () -- C:\windows\expl.dat
    [2009/07/13 15:24:44 | 000,285,696 | ---- | C] () -- C:\windows\System32\winl.dat
    [2009/07/13 15:24:44 | 000,020,992 | ---- | C] () -- C:\windows\System32\svch.dat
    [2009/06/26 16:21:02 | 000,015,498 | ---- | C] () -- C:\windows\VX3000.ini
    [2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
    [2007/01/26 00:04:12 | 000,138,752 | ---- | C] () -- C:\windows\System32\mase32.dll
    [2007/01/26 00:04:12 | 000,027,648 | ---- | C] () -- C:\windows\System32\ma32.dll
    ========== LOP Check ==========

    [2011/06/25 14:17:15 | 000,000,000 | ---D | M] -- C:\Users\Rebecca\AppData\Roaming\Amazon
    [2011/06/19 20:21:10 | 000,000,000 | ---D | M] -- C:\Users\Rebecca\AppData\Roaming\Audacity
    [2010/12/08 14:56:00 | 000,000,000 | ---D | M] -- C:\Users\Rebecca\AppData\Roaming\Blender Foundation
    [2011/11/09 21:13:51 | 000,000,000 | ---D | M] -- C:\Users\Rebecca\AppData\Roaming\cYo
    [2010/03/05 17:30:05 | 000,000,000 | ---D | M] -- C:\Users\Rebecca\AppData\Roaming\EasyCapture
    [2011/12/03 22:00:25 | 000,000,000 | ---D | M] -- C:\Users\Rebecca\AppData\Roaming\EPSON
    [2011/08/28 11:44:31 | 000,000,000 | ---D | M] -- C:\Users\Rebecca\AppData\Roaming\FLV2AVI
    [2011/08/28 17:15:08 | 000,000,000 | ---D | M] -- C:\Users\Rebecca\AppData\Roaming\FreeFLVConverter
    [2011/08/26 12:40:29 | 000,000,000 | ---D | M] -- C:\Users\Rebecca\AppData\Roaming\GetRightToGo
    [2011/02/13 11:16:20 | 000,000,000 | ---D | M] -- C:\Users\Rebecca\AppData\Roaming\ID Vault
    [2010/04/20 17:16:36 | 000,000,000 | ---D | M] -- C:\Users\Rebecca\AppData\Roaming\Leadertech
    [2011/08/15 23:56:00 | 000,000,000 | ---D | M] -- C:\Users\Rebecca\AppData\Roaming\NCH Swift Sound
    [2010/02/14 08:46:13 | 000,000,000 | ---D | M] -- C:\Users\Rebecca\AppData\Roaming\SYSTEMAX Software Development
    [2010/08/05 12:18:38 | 000,000,000 | ---D | M] -- C:\Users\Rebecca\AppData\Roaming\TeamViewer
    [2012/01/06 18:58:15 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\At1.job
    [2012/01/06 18:58:15 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\At10.job
    [2012/01/06 18:58:15 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\At11.job
    [2012/01/06 18:58:15 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\At12.job
    [2012/01/06 18:58:15 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\At13.job
    [2012/01/06 18:58:15 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\At14.job
    [2012/01/06 18:58:15 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\At15.job
    [2012/01/06 18:58:15 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\At16.job
    [2012/01/06 18:58:15 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\At17.job
    [2012/01/06 18:58:15 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\At18.job
    [2012/01/06 18:00:25 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\At19.job
    [2012/01/06 18:58:15 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\At2.job
    [2012/01/06 19:00:07 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\At20.job
    [2012/01/06 18:58:15 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\At21.job
    [2012/01/06 18:58:15 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\At22.job
    [2012/01/06 18:58:15 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\At23.job
    [2012/01/06 18:58:15 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\At24.job
    [2012/01/06 18:58:15 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\At3.job
    [2012/01/06 18:58:15 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\At4.job
    [2012/01/06 18:58:15 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\At5.job
    [2012/01/06 18:58:15 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\At6.job
    [2012/01/06 18:58:15 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\At7.job
    [2012/01/06 18:58:15 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\At8.job
    [2012/01/06 18:58:15 | 000,000,340 | ---- | M] () -- C:\windows\Tasks\At9.job
    [2011/12/15 06:39:14 | 000,000,342 | ---- | M] () -- C:\windows\Tasks\McDefragTask.job
    [2012/01/01 01:01:03 | 000,000,320 | ---- | M] () -- C:\windows\Tasks\McQcTask.job
    [2011/05/12 14:34:54 | 000,032,624 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2012/01/06 18:57:33 | 000,003,224 | ---- | M] () -- C:\bootsqm.dat
    [2009/06/10 13:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2010/10/18 21:53:06 | 000,000,045 | ---- | M] () -- C:\error.log
    [2010/10/05 06:14:21 | 002,534,632 | ---- | M] () -- C:\FaceProv.log
    [2012/01/06 19:30:09 | 2362,912,768 | -HS- | M] () -- C:\hiberfil.sys
    [2012/01/06 20:48:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/08/15 18:21:42 | 000,006,262 | ---- | M] () -- C:\log.txt
    [2012/01/06 20:48:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2012/01/06 12:34:21 | 000,114,980 | ---- | M] () -- C:\OTL.Txt
    [2012/01/06 19:30:12 | 3150,553,088 | -HS- | M] () -- C:\pagefile.sys
    [2012/01/05 13:23:56 | 000,001,878 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_05.01.2012_13.23.30_log.txt
    [2012/01/05 13:24:57 | 000,001,878 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_05.01.2012_13.24.40_log.txt
    [2012/01/05 13:27:57 | 000,277,630 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_05.01.2012_13.25.10_log.txt
    [2012/01/05 13:28:05 | 000,001,878 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_05.01.2012_13.28.00_log.txt
    [2012/01/05 13:44:28 | 000,275,294 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_05.01.2012_13.43.03_log.txt
    [2012/01/05 14:40:27 | 000,001,878 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_05.01.2012_14.39.34_log.txt
    [2012/01/05 14:44:44 | 000,276,878 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_05.01.2012_14.40.58_log.txt
    [2012/01/05 18:25:02 | 000,011,182 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_05.01.2012_18.21.06_log.txt
    [2010/12/17 20:41:12 | 000,003,825 | ---- | M] () -- C:\yugmaerr.log
    [2010/12/17 20:41:12 | 000,000,098 | ---- | M] () -- C:\yugmaout.log

    < %systemroot%\Fonts\*.com >
    [2009/07/13 20:52:25 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 20:52:25 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 20:52:25 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 20:52:25 | 000,043,318 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 13:31:19 | 000,000,065 | ---- | M] () -- C:\windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2009/07/13 17:15:26 | 000,280,064 | ---- | M] (Hewlett-Packard Corporation) -- C:\windows\system32\spool\prtprocs\w32x86\hpzppw71.dll
    [2009/07/13 17:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2009/07/13 17:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2009/07/10 04:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\windows\WLXPGSS.SCR
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 20:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/02/09 04:30:27 | 000,000,221 | -HS- | M] () -- C:\Users\Rebecca\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/01/06 10:24:48 | 000,004,096 | -H-- | M] () -- C:\Users\Rebecca\Desktop\._OTL(2).exe
    [2012/01/05 19:28:06 | 004,704,768 | ---- | M] (AVAST Software) -- C:\Users\Rebecca\Desktop\aswMBR.exe
    [2012/01/06 19:31:53 | 004,373,779 | R--- | M] (Swearware) -- C:\Users\Rebecca\Desktop\ComboFix.exe
    [2012/01/05 14:37:22 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Rebecca\Desktop\iexplorer.exe
    [2012/01/06 20:47:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Rebecca\Desktop\OTL.exe
    [2012/01/06 10:43:58 | 127,231,689 | ---- | M] (Igor Pavlov) -- C:\Users\Rebecca\Desktop\OTLPENet.exe
    [2010/02/14 08:44:31 | 002,339,714 | ---- | M] () -- C:\Users\Rebecca\Desktop\sai-1.1.0-ful-en.exe
    [2011/08/26 13:32:40 | 170,203,312 | ---- | M] () -- C:\Users\Rebecca\Desktop\VideoSpin_2_0_Setup.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >
    [2009/06/26 16:21:02 | 000,013,023 | ---- | M] () -- C:\windows\VX3000.src
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 13:20:04 | 000,000,802 | ---- | M] () -- C:\windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2011/09/30 19:37:33 | 000,008,192 | ---- | M] () -- C:\windows\SECURITY\Database\edb.chk
    [2011/09/30 19:37:33 | 001,048,576 | ---- | M] () -- C:\windows\SECURITY\Database\edb.log
    [2011/09/30 19:37:33 | 001,048,576 | ---- | M] () -- C:\windows\SECURITY\Database\edbres00001.jrs
    [2011/09/30 19:37:33 | 001,048,576 | ---- | M] () -- C:\windows\SECURITY\Database\edbres00002.jrs
    [2011/09/30 19:37:33 | 000,786,432 | ---- | M] () -- C:\windows\SECURITY\Database\edbtmp.log
    [2011/09/30 19:37:33 | 001,056,768 | ---- | M] () -- C:\windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/11/17 21:56:33 | 000,000,402 | -HS- | M] () -- C:\Users\Rebecca\Favorites\desktop.ini
    [2011/12/17 15:11:34 | 000,000,298 | ---- | M] () -- C:\Users\Rebecca\Favorites\NCH Software Download Site.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/11/25 17:26:44 | 000,111,616 | ---- | M] () -- C:\ProgramData\1j345jBv.exe
    [2012/01/06 17:26:23 | 000,000,000 | ---- | M] () -- C:\ProgramData\1j345jBv.exe.b
    [2012/01/05 11:30:14 | 000,000,464 | ---- | M] () -- C:\ProgramData\ERaRwp0N8whcCE
    [2011/07/28 07:26:52 | 000,006,335 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2010/12/17 20:41:12 | 000,001,354 | ---- | M] () -- C:\ProgramData\Uninst.log
    [2007/12/21 14:12:46 | 001,719,336 | ---- | M] (Yugma,Inc. ) -- C:\ProgramData\YugmaSE-Uninstaller.exe

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\windows\$NtUninstallKB57608$] -> -> Unknown point type

    < End of report >

    Extras:


    OTL Extras logfile created on: 1/6/2012 8:48:58 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Rebecca\Desktop
    Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.93 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 72.69% Memory free
    5.87 Gb Paging File | 5.22 Gb Available in Paging File | 88.93% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 187.67 Gb Total Space | 18.57 Gb Free Space | 9.90% Space Free | Partition Type: NTFS
    Drive D: | 30.25 Gb Total Space | 29.54 Gb Free Space | 97.65% Space Free | Partition Type: NTFS
    Drive F: | 3.61 Gb Total Space | 3.21 Gb Free Space | 89.04% Space Free | Partition Type: FAT32

    Computer Name: REBECCA-PC | User Name: Rebecca | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
    .exe [@ = E7] -- C:\windows\System32\config\systemprofile\AppData\Local\llc.exe ()
    .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
    .exe [@ = E7] -- C:\windows\System32\config\systemprofile\AppData\Local\llc.exe ()

    [HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
    .exe [@ = E7] -- C:\windows\System32\config\systemprofile\AppData\Local\llc.exe ()

    [HKEY_USERS\S-1-5-21-2313591606-2777530284-2021149797-1004\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
  13. Joyfulldreams Newcomer, in training Posts: 44

    (CONT...)

    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0C2AF762-0565-4C91-9F55-B8B53BB82A38}" = Microsoft Office Accounting 2008 Equifax Addin
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0E9B95DA-FA3E-49AF-9A31-2D080A125664}" = Diskeeper 2009 Home
    "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{10A10C6C-FF5E-40B2-A343-8D69E24167DF}" = Nancy Drew: Shadow at the Water's Edge
    "{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{17542DBF-E17C-4562-BC4D-FA3EF3076C45}" = Lenovo ReadyComm 5
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
    "{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
    "{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
    "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
    "{270940EA-C235-40D9-B2AE-2D450356DF8E}" = Microsoft Office Accounting 2008
    "{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    "{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
    "{303F7619-4E67-450F-985A-A2DF51B30AC8}" = Adobe Setup
    "{32939827-D8E5-470A-B126-870DB3C69FDF}" = Python 2.7.1
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3B03E732-6150-4D0A-849F-C6F4141EA78C}" = EPSON Perfection V30/V300 Photo Scanner Driver Update
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{422C37BB-2C1A-4D67-A03C-238DF66F1F81}_is1" = Flv to Avi Converter 1.0
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
    "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{49F3D04B-B849-4C89-AB31-2366A004EA28}" = Broadcom Gigabit Integrated Controller
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{531F0013-964C-4BE6-B382-4117DC8BCDF9}" = ArcSoft MediaImpression
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin
    "{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
    "{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{65173BC2-60E7-4DE8-A61D-A81FCB96EE93}" = Pinnacle Studio Ultimate Plugins
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver
    "{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
    "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 5.0 Service
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{83A4AF62-0810-45AA-A4CB-94D368423AD9}" = DJ_SF_03_D1500_Software_Min
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
    "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
    "{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom 802.11 Wireless Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
    "{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
    "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
    "{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
    "{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
    "{A06E1854-1580-4157-AD70-72734D324DEA}" = Lenovo Idea Notes
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
    "{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}" = Epson Copy Utility 3.4
    "{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
    "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
    "{AC76BA86-7AD7-1033-7B44-A90100000001}" = Adobe Reader 9.0.1
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP1
    "{B391EECE-DFEA-4FC5-9D40-47FA43E2DBE6}" = Microsoft Office Accounting 2008 PayPal Addin
    "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
    "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
    "{BB250C3E-2D23-45CF-9342-8B90D217008F}" = D1500
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BC7E2C06-D255-4300-AA12-33AB54D009AC}" = Adobe Creative Suite 4 Design Standard
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C7FB1A71-D808-4CD2-997D-837B39EA7EB0}" = DIBS
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
    "{CFC9F871-7C40-40B6-BE4A-B98A5B309716}" = Adobe Flash Professional CS5
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DB8B599D-2BD5-493C-ABC1-FEE980129D19}" = HP Deskjet D1500 Printer Driver Software 13.0 Rel. 3
    "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E3DF6916-2472-43D9-8B3C-9F2F0AAB01B5}" = Microsoft Office Accounting 2008 Fixed Asset Manager
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F2602F16-02D1-4F1C-99A5-E246C522A59D}" = Lenovo First Boot
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}" = Lenovo EasyCamera
    "{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}" = Pinnacle VideoSpin
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe_1e3ba55b33b1e8227645fb9c82acca3" = Adobe Creative Suite 4 Design Standard
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
    "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode)
    "Blender" = Blender (remove only)
    "Business Contact Manager" = Business Contact Manager for Outlook 2007 SP1
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
    "ComicRack" = ComicRack v0.9.147
    "DivX Setup" = DivX Setup
    "EasyCapture4.0" = EasyCapture
    "EPSON Scanner" = EPSON Scan
    "Free FLV Converter_is1" = Free FLV Converter V 7.1.0
    "Giraffic" = Veoh Giraffic Video Accelerator
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Photosmart Essential" = HP Photosmart Essential 3.5
    "HP Smart Web Printing" = HP Smart Web Printing 4.51
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "HyperCam 2" = HyperCam 2
    "HyperCam Toolbar" = HyperCam Toolbar
    "InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
    "Knoll Light Factory EZ Studio" = Knoll Light Factory EZ Studio
    "LAME for Audacity_is1" = LAME v3.98.2 for Audacity
    "Lenovo EasyCamera" = Lenovo EasyCamera
    "Lenovo Idea Central" = Lenovo Idea Central
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Office Accounting 2008" = Microsoft Office Accounting 2008
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
    "MSC" = McAfee SecurityCenter
    "PaintToolSAI" = PaintTool SAI Ver.1
    "PC-Doctor for Windows" = PC-Doctor for Windows
    "PhotoStage" = PhotoStage Slideshow Producer
    "Prism" = Prism Video File Converter
    "PROHYBRIDR" = 2007 Microsoft Office system
    "Red Giant ToonIt Studio" = Red Giant ToonIt Studio
    "Shop for HP Supplies" = Shop for HP Supplies
    "TVWiz" = Intel(R) TV Wizard
    "ULTIMATER" = Microsoft Office Ultimate 2007
    "Veoh Web Player Beta" = Veoh Web Player
    "VideoPad" = VideoPad Video Editor
    "VLC media player" = VLC media player 1.0.5
    "Wacom Tablet Driver" = Wacom Tablet
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2313591606-2777530284-2021149797-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/3/2011 9:53:59 PM | Computer Name = Rebecca-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7600.16869,
    time stamp: 0x4e4f21db Faulting module name: apphelp.dll, version: 6.1.7600.16481,
    time stamp: 0x4b1e3784 Exception code: 0xc00000fd Fault offset: 0x0000c44d Faulting
    process id: 0x26d4 Faulting application start time: 0x01ccb2276ecbd6cb Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\windows\system32\apphelp.dll
    Report
    Id: d4c4bcb2-1e1a-11e1-a3af-002622df0df5

    Error - 12/3/2011 9:55:37 PM | Computer Name = Rebecca-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7600.16869,
    time stamp: 0x4e4f21db Faulting module name: apphelp.dll, version: 6.1.7600.16481,
    time stamp: 0x4b1e3784 Exception code: 0xc00000fd Fault offset: 0x0000c44d Faulting
    process id: 0x2780 Faulting application start time: 0x01ccb227a91fb92f Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\windows\system32\apphelp.dll
    Report
    Id: 0eecd382-1e1b-11e1-a3af-002622df0df5

    Error - 12/3/2011 9:57:17 PM | Computer Name = Rebecca-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7600.16869,
    time stamp: 0x4e4f21db Faulting module name: apphelp.dll, version: 6.1.7600.16481,
    time stamp: 0x4b1e3784 Exception code: 0xc00000fd Fault offset: 0x0000c44d Faulting
    process id: 0x270c Faulting application start time: 0x01ccb227e34b045a Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\windows\system32\apphelp.dll
    Report
    Id: 4a972329-1e1b-11e1-a3af-002622df0df5

    Error - 12/3/2011 9:59:05 PM | Computer Name = Rebecca-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7600.16869,
    time stamp: 0x4e4f21db Faulting module name: apphelp.dll, version: 6.1.7600.16481,
    time stamp: 0x4b1e3784 Exception code: 0xc00000fd Fault offset: 0x0000c44d Faulting
    process id: 0x2520 Faulting application start time: 0x01ccb2282560a421 Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\windows\system32\apphelp.dll
    Report
    Id: 8b386cfc-1e1b-11e1-a3af-002622df0df5

    Error - 12/3/2011 10:00:43 PM | Computer Name = Rebecca-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7600.16869,
    time stamp: 0x4e4f21db Faulting module name: apphelp.dll, version: 6.1.7600.16481,
    time stamp: 0x4b1e3784 Exception code: 0xc00000fd Fault offset: 0x0000c44d Faulting
    process id: 0x1a40 Faulting application start time: 0x01ccb2285f9d7bbe Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\windows\system32\apphelp.dll
    Report
    Id: c59661a5-1e1b-11e1-a3af-002622df0df5

    Error - 12/3/2011 10:02:24 PM | Computer Name = Rebecca-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7600.16869,
    time stamp: 0x4e4f21db Faulting module name: apphelp.dll, version: 6.1.7600.16481,
    time stamp: 0x4b1e3784 Exception code: 0xc00000fd Fault offset: 0x0000c44d Faulting
    process id: 0x1b44 Faulting application start time: 0x01ccb22899fb9777 Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\windows\system32\apphelp.dll
    Report
    Id: 01b9dab2-1e1c-11e1-a3af-002622df0df5

    Error - 12/3/2011 10:04:02 PM | Computer Name = Rebecca-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7600.16869,
    time stamp: 0x4e4f21db Faulting module name: apphelp.dll, version: 6.1.7600.16481,
    time stamp: 0x4b1e3784 Exception code: 0xc00000fd Fault offset: 0x0000c44d Faulting
    process id: 0x2520 Faulting application start time: 0x01ccb228d6174837 Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\windows\system32\apphelp.dll
    Report
    Id: 3bfd6928-1e1c-11e1-a3af-002622df0df5

    Error - 12/3/2011 10:45:16 PM | Computer Name = Rebecca-PC | Source = McLogEvent | ID = 5022
    Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 1

    Error - 12/3/2011 11:06:58 PM | Computer Name = Rebecca-PC | Source = McLogEvent | ID = 5022
    Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 1

    Error - 12/3/2011 11:27:42 PM | Computer Name = Rebecca-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 8.0.7600.16869,
    time stamp: 0x4e4f21db Faulting module name: apphelp.dll, version: 6.1.7600.16481,
    time stamp: 0x4b1e3784 Exception code: 0xc00000fd Fault offset: 0x0000c44d Faulting
    process id: 0x1edc Faulting application start time: 0x01ccb234861ad89e Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\windows\system32\apphelp.dll
    Report
    Id: ec518bbd-1e27-11e1-b474-002622df0df5

    [ System Events ]
    Error - 1/7/2012 12:49:59 AM | Computer Name = Rebecca-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 1/7/2012 12:50:29 AM | Computer Name = Rebecca-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 1/7/2012 12:50:29 AM | Computer Name = Rebecca-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 1/7/2012 12:50:29 AM | Computer Name = Rebecca-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 1/7/2012 12:55:28 AM | Computer Name = Rebecca-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 1/7/2012 12:55:28 AM | Computer Name = Rebecca-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 1/7/2012 12:55:28 AM | Computer Name = Rebecca-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 1/7/2012 12:55:28 AM | Computer Name = Rebecca-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 1/7/2012 12:55:28 AM | Computer Name = Rebecca-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 1/7/2012 12:55:28 AM | Computer Name = Rebecca-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068


    < End of report >
  14. Broni Malware Annihilator Posts: 39,425   +177

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O4 - HKLM..\Run: [] File not found
      O4 - HKLM..\Run: [FtJthnNSvuydIr.exe] C:\ProgramData\FtJthnNSvuydIr.exe File not found
      O4 - HKU\.DEFAULT..\Run: [7968a239e6bfab4.exe] "C:\windows\system32\config\systemprofile\AppData\Local\7968a239e6bfab4.exe " /autorun File not found
      O4 - HKU\.DEFAULT..\Run: [dplaysvr] C:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe File not found
      O4 - HKU\.DEFAULT..\Run: [winupd] C:\windows\TEMP [2012/01/06 19:32:24 | 000,000,000 | -HSD | M]
      O4 - HKU\S-1-5-18..\Run: [7968a239e6bfab4.exe] "C:\windows\system32\config\systemprofile\AppData\Local\7968a239e6bfab4.exe " /autorun File not found
      O4 - HKU\S-1-5-18..\Run: [dplaysvr] C:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe File not found
      O4 - HKU\S-1-5-18..\Run: [winupd] C:\windows\TEMP [2012/01/06 19:32:24 | 000,000,000 | -HSD | M]
      O4 - HKU\S-1-5-21-2313591606-2777530284-2021149797-1004..\Run: [AdobeBridge] File not found
      O20 - Winlogon\Notify\klartew: DllName - (C:\windows\system32\config\systemprofile\AppData\Local\klartew.dll) - File not found
      O33 - MountPoints2\{2141ba1a-1980-11df-95dc-002622df0df5}\Shell - "" = AutoRun
      O33 - MountPoints2\{2141ba1a-1980-11df-95dc-002622df0df5}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
      O33 - MountPoints2\{66911b57-8849-11df-a8de-002622df0df5}\Shell - "" = AutoRun
      O33 - MountPoints2\{66911b57-8849-11df-a8de-002622df0df5}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
      O33 - MountPoints2\{88095760-577f-11df-ad63-002622df0df5}\Shell - "" = AutoRun
      O33 - MountPoints2\{88095760-577f-11df-ad63-002622df0df5}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
      O33 - MountPoints2\{eba91a33-e52b-11de-974a-806e6f6e6963}\Shell - "" = AutoRun
      O33 - MountPoints2\{eba91a33-e52b-11de-974a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\reatogoMenu.exe
      O37 - HKLM\...exe [@ = E7] -- "C:\windows\system32\config\systemprofile\AppData\Local\llc.exe" -a "%1" %* ()
      O37 - HKU\.DEFAULT\...exe [@ = E7] -- "C:\windows\system32\config\systemprofile\AppData\Local\llc.exe" -a "%1" %* ()
      O37 - HKU\S-1-5-18\...exe [@ = E7] -- "C:\windows\system32\config\systemprofile\AppData\Local\llc.exe" -a "%1" %* ()
      [2012/01/05 10:56:13 | 000,000,000 | ---D | C] -- C:\Users\Rebecca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
      [2012/01/06 17:26:23 | 000,000,000 | ---- | M] () -- C:\ProgramData\1j345jBv.exe.b
      [2012/01/05 11:30:14 | 000,000,464 | ---- | M] () -- C:\ProgramData\ERaRwp0N8whcCE
      [2012/01/05 10:56:13 | 000,000,677 | ---- | M] () -- C:\Users\Rebecca\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
      [2012/01/06 17:26:23 | 000,111,616 | ---- | C] () -- C:\ProgramData\1j345jBv.exe
      [2012/01/05 01:26:23 | 000,111,616 | ---- | C] () -- C:\windows\System32\h6v76t3.com
      [2011/11/25 17:27:04 | 000,000,000 | ---- | C] () -- C:\windows\System32\h6v76t3.com.b
      [2011/11/25 17:24:13 | 000,000,112 | ---- | C] () -- C:\ProgramData\YSoO7f1pp.dat
      [2011/11/25 17:24:07 | 000,111,616 | ---- | C] () -- C:\windows\System32\h6v76t3.com_
      
      
      :Services
      
      :Reg
      
      :Files
      C:\windows\tasks\At*.job
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
  15. Joyfulldreams Newcomer, in training Posts: 44

    Do I paste in all that stuff that's out of that box too? Is it supposed to be all clumped like that...?
  16. Broni Malware Annihilator Posts: 39,425   +177

    Hold on.
    Something happened to my code.
  17. Broni Malware Annihilator Posts: 39,425   +177

    Fixed. Sorry about it :)
  18. Joyfulldreams Newcomer, in training Posts: 44

    Here's the log:


    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\FtJthnNSvuydIr.exe deleted successfully.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\7968a239e6bfab4.exe deleted successfully.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\dplaysvr deleted successfully.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\winupd deleted successfully.
    C:\Windows\Temp\Windows Live Toolbar folder moved successfully.
    C:\Windows\Temp\Temporary Internet Files\Content.IE5\YIUAU2FR folder moved successfully.
    C:\Windows\Temp\Temporary Internet Files\Content.IE5\YI3WH8S0 folder moved successfully.
    C:\Windows\Temp\Temporary Internet Files\Content.IE5\O2JLUCYK folder moved successfully.
    C:\Windows\Temp\Temporary Internet Files\Content.IE5\D0B6KRI3 folder moved successfully.
    C:\Windows\Temp\Temporary Internet Files\Content.IE5\9OG81HNH folder moved successfully.
    C:\Windows\Temp\Temporary Internet Files\Content.IE5\8SYEC0EG folder moved successfully.
    C:\Windows\Temp\Temporary Internet Files\Content.IE5\881R79XF folder moved successfully.
    C:\Windows\Temp\Temporary Internet Files\Content.IE5\2ED3EPYG folder moved successfully.
    C:\Windows\Temp\Temporary Internet Files\Content.IE5 folder moved successfully.
    C:\Windows\Temp\Temporary Internet Files folder moved successfully.
    C:\Windows\Temp\Low folder moved successfully.
    C:\Windows\Temp\hsperfdata_REBECCA-PC$ folder moved successfully.
    C:\Windows\Temp\History\History.IE5 folder moved successfully.
    C:\Windows\Temp\History folder moved successfully.
    C:\Windows\Temp\Cookies folder moved successfully.
    C:\Windows\Temp\4c3f81e23f folder moved successfully.
    Folder move failed. C:\Windows\Temp scheduled to be moved on reboot.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\7968a239e6bfab4.exe not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\dplaysvr not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\winupd not found.
    Folder move failed. C:\Windows\Temp scheduled to be moved on reboot.
    Registry value HKEY_USERS\S-1-5-21-2313591606-2777530284-2021149797-1004\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klartew\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2141ba1a-1980-11df-95dc-002622df0df5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2141ba1a-1980-11df-95dc-002622df0df5}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2141ba1a-1980-11df-95dc-002622df0df5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2141ba1a-1980-11df-95dc-002622df0df5}\ not found.
    File F:\LaunchU3.exe -a not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{66911b57-8849-11df-a8de-002622df0df5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66911b57-8849-11df-a8de-002622df0df5}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{66911b57-8849-11df-a8de-002622df0df5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66911b57-8849-11df-a8de-002622df0df5}\ not found.
    File F:\LaunchU3.exe -a not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88095760-577f-11df-ad63-002622df0df5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88095760-577f-11df-ad63-002622df0df5}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88095760-577f-11df-ad63-002622df0df5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88095760-577f-11df-ad63-002622df0df5}\ not found.
    File F:\LaunchU3.exe -a not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eba91a33-e52b-11de-974a-806e6f6e6963}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eba91a33-e52b-11de-974a-806e6f6e6963}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eba91a33-e52b-11de-974a-806e6f6e6963}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eba91a33-e52b-11de-974a-806e6f6e6963}\ not found.
    File E:\reatogoMenu.exe not found.
    HKEY_LOCAL_MACHINE\Software\Classes\.exe\shell\open\command\\|"%1" %* /E : value set successfully!
    HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
    Registry key HKEY_USERS\.DEFAULT\Software\Classes\.exe\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\Software\Classes\E7\ deleted successfully.
    HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
    Registry key HKEY_USERS\S-1-5-18\Software\Classes\.exe\ not found.
    Registry key HKEY_USERS\S-1-5-18\Software\Classes\E7\ not found.
    HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
    C:\Users\Rebecca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check folder moved successfully.
    C:\ProgramData\1j345jBv.exe.b moved successfully.
    C:\ProgramData\ERaRwp0N8whcCE moved successfully.
    C:\Users\Rebecca\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk moved successfully.
    C:\ProgramData\1j345jBv.exe moved successfully.
    C:\Windows\System32\h6v76t3.com moved successfully.
    C:\Windows\System32\h6v76t3.com.b moved successfully.
    C:\ProgramData\YSoO7f1pp.dat moved successfully.
    C:\Windows\System32\h6v76t3.com_ moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\windows\tasks\At1.job moved successfully.
    C:\windows\tasks\At10.job moved successfully.
    C:\windows\tasks\At11.job moved successfully.
    C:\windows\tasks\At12.job moved successfully.
    C:\windows\tasks\At13.job moved successfully.
    C:\windows\tasks\At14.job moved successfully.
    C:\windows\tasks\At15.job moved successfully.
    C:\windows\tasks\At16.job moved successfully.
    C:\windows\tasks\At17.job moved successfully.
    C:\windows\tasks\At18.job moved successfully.
    C:\windows\tasks\At19.job moved successfully.
    C:\windows\tasks\At2.job moved successfully.
    C:\windows\tasks\At20.job moved successfully.
    C:\windows\tasks\At21.job moved successfully.
    C:\windows\tasks\At22.job moved successfully.
    C:\windows\tasks\At23.job moved successfully.
    C:\windows\tasks\At24.job moved successfully.
    C:\windows\tasks\At3.job moved successfully.
    C:\windows\tasks\At4.job moved successfully.
    C:\windows\tasks\At5.job moved successfully.
    C:\windows\tasks\At6.job moved successfully.
    C:\windows\tasks\At7.job moved successfully.
    C:\windows\tasks\At8.job moved successfully.
    C:\windows\tasks\At9.job moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 41620 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Rebecca
    ->Temp folder emptied: 2006 bytes
    ->Temporary Internet Files folder emptied: 17994150 bytes
    ->Java cache emptied: 10861024 bytes
    ->FireFox cache emptied: 58593007 bytes
    ->Google Chrome cache emptied: 234627159 bytes
    ->Flash cache emptied: 3427610 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2639872 bytes
    %systemroot%\System32 .tmp files removed: 356864 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 68822 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 313.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Rebecca
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 01062012_221035

    Files\Folders moved on Reboot...
    C:\Windows\Temp\Temporary Internet Files\Content.IE5\KY8KNZWW folder moved successfully.
    C:\Windows\Temp\Temporary Internet Files\Content.IE5\GVDXRE9M folder moved successfully.
    C:\Windows\Temp\Temporary Internet Files\Content.IE5\EN5U5JVW folder moved successfully.
    C:\Windows\Temp\Temporary Internet Files\Content.IE5\CJ0A5W5A folder moved successfully.
    Folder move failed. C:\Windows\Temp\Temporary Internet Files\Content.IE5 scheduled to be moved on reboot.
    Folder move failed. C:\Windows\Temp\Temporary Internet Files scheduled to be moved on reboot.
    Folder move failed. C:\Windows\Temp\History\History.IE5 scheduled to be moved on reboot.
    Folder move failed. C:\Windows\Temp\History scheduled to be moved on reboot.
    Folder move failed. C:\Windows\Temp\Cookies scheduled to be moved on reboot.
    Folder move failed. C:\Windows\Temp scheduled to be moved on reboot.
    File\Folder C:\windows\temp\mcmsc_v5GgELjfLaA7h0f not found!

    Registry entries deleted on Reboot...

    By the way, I'm sorry this is getting so long and drawn-out, and thanks for lending so much of your time to help me. ^_^
  19. Broni Malware Annihilator Posts: 39,425   +177

    You're very welcome :)

    Only one log will be produced.
  20. Joyfulldreams Newcomer, in training Posts: 44

    OTL logfile created on: 1/6/2012 10:27:03 PM - Run 2
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Rebecca\Desktop
    Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.93 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 65.36% Memory free
    5.87 Gb Paging File | 4.75 Gb Available in Paging File | 81.03% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 187.67 Gb Total Space | 18.77 Gb Free Space | 10.00% Space Free | Partition Type: NTFS
    Drive D: | 30.25 Gb Total Space | 29.54 Gb Free Space | 97.65% Space Free | Partition Type: NTFS
    Drive F: | 3.61 Gb Total Space | 3.21 Gb Free Space | 89.04% Space Free | Partition Type: FAT32

    Computer Name: REBECCA-PC | User Name: Rebecca | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/01/06 20:47:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Rebecca\Desktop\OTL.exe
    PRC - [2011/10/25 21:57:33 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Users\Rebecca\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe
    PRC - [2011/09/19 02:31:10 | 002,221,200 | ---- | M] (Giraffic) -- C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe
    PRC - [2011/09/19 02:30:52 | 003,663,488 | ---- | M] (Giraffic) -- C:\Program Files\Giraffic\Veoh_Giraffic.exe
    PRC - [2011/08/26 13:22:27 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
    PRC - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    PRC - [2011/07/28 15:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2011/07/15 20:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2011/06/30 02:11:16 | 002,648,184 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    PRC - [2011/02/25 21:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    PRC - [2010/08/25 10:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    PRC - [2010/07/23 08:31:54 | 000,163,680 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files\DDNI\DIBS\DDNIService.exe
    PRC - [2010/07/20 10:04:24 | 000,171,872 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
    PRC - [2010/05/20 14:27:26 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX3000.exe
    PRC - [2010/05/20 14:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2009/11/04 16:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
    PRC - [2009/10/29 06:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2009/10/29 06:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
    PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
    PRC - [2009/09/29 08:23:20 | 004,114,288 | ---- | M] (Lenovo(beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe
    PRC - [2009/09/29 08:22:46 | 005,064,560 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe
    PRC - [2009/08/24 08:15:32 | 000,221,872 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
    PRC - [2009/08/12 00:09:32 | 000,683,576 | ---- | M] (Conexant Systems, Inc) -- C:\Program Files\CONEXANT\SAII\SmartAudio.exe
    PRC - [2009/07/14 06:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
    PRC - [2009/07/13 17:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IgrsSvcs.exe
    PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
    PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
    PRC - [2009/06/18 11:59:48 | 001,349,912 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    PRC - [2009/06/04 11:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2009/06/04 11:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/07/22 18:33:28 | 000,544,768 | ---- | M] (Hewlett-Packard Development Co. L.P.) -- C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe
    PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    PRC - [2008/05/07 14:28:32 | 000,591,696 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
    PRC - [2008/01/11 09:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    PRC - [2007/09/07 10:40:34 | 000,132,392 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Wacom_TabletUser.exe
    PRC - [2007/09/07 10:40:04 | 001,373,480 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Wacom_Tablet.exe
    PRC - [2007/02/20 10:07:40 | 000,199,752 | ---- | M] (Pinnacle Systems GmbH) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/11/10 07:10:00 | 000,240,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a5feb05f9283b0e79e0959b5df220130\WindowsFormsIntegration.ni.dll
    MOD - [2011/11/10 07:08:31 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5672e6b9d976feca51deb06d8dd1df0e\PresentationFramework.Aero.ni.dll
    MOD - [2011/11/10 07:08:04 | 014,322,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\09e39322b47f9b4e8dd2199ff03acb2e\PresentationFramework.ni.dll
    MOD - [2011/11/10 07:07:49 | 012,216,320 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\d2dc021a8311197516e4fa325b292f21\PresentationCore.ni.dll
    MOD - [2011/11/10 07:07:37 | 003,325,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll
    MOD - [2011/11/10 07:06:09 | 000,220,672 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\545f2e1ca544c2a8a39cbf8565e1c709\CustomMarshalers.ni.dll
    MOD - [2011/11/10 07:03:44 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\168c6417c92bdddd10809791ed32be3e\Microsoft.VisualBasic.ni.dll
    MOD - [2011/11/10 07:03:15 | 012,431,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
    MOD - [2011/11/10 07:03:00 | 001,586,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
    MOD - [2011/11/10 07:02:51 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\018d2569cf208acbe8ad73908705f607\System.Runtime.Remoting.ni.dll
    MOD - [2011/11/10 07:02:38 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
    MOD - [2011/11/10 07:02:34 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
    MOD - [2011/11/10 07:02:29 | 007,949,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
    MOD - [2011/11/10 07:02:23 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
    MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/08/26 13:22:27 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
    MOD - [2011/07/28 15:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2011/07/28 15:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    MOD - [2011/06/21 05:48:28 | 000,910,336 | ---- | M] () -- C:\Program Files\Veoh Networks\VeohWebPlayer\QtNetwork4.dll
    MOD - [2011/06/20 05:37:16 | 010,836,992 | ---- | M] () -- C:\Program Files\Veoh Networks\VeohWebPlayer\QtWebKit4.dll
    MOD - [2011/06/20 03:52:20 | 001,283,584 | ---- | M] () -- C:\Program Files\Veoh Networks\VeohWebPlayer\QtScript4.dll
    MOD - [2011/06/20 03:32:40 | 000,266,752 | ---- | M] () -- C:\Program Files\Veoh Networks\VeohWebPlayer\phonon4.dll
    MOD - [2011/06/20 03:21:50 | 007,994,880 | ---- | M] () -- C:\Program Files\Veoh Networks\VeohWebPlayer\QtGui4.dll
    MOD - [2011/06/20 03:04:56 | 002,233,344 | ---- | M] () -- C:\Program Files\Veoh Networks\VeohWebPlayer\QtCore4.dll
    MOD - [2011/05/26 01:38:06 | 000,120,320 | ---- | M] () -- C:\Program Files\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll
    MOD - [2011/05/26 01:38:06 | 000,022,016 | ---- | M] () -- C:\Program Files\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll
    MOD - [2009/06/10 13:22:50 | 000,069,120 | ---- | M] () -- C:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    MOD - [2008/12/19 19:20:50 | 000,063,304 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\KbdHook.dll
    MOD - [2008/12/19 19:20:08 | 000,051,016 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\HookLib.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/09/19 02:31:10 | 002,221,200 | ---- | M] (Giraffic) [Auto | Running] -- C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
    SRV - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2010/07/23 08:31:54 | 000,163,680 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files\DDNI\DIBS\DDNIService.exe -- (DDNIService)
    SRV - [2010/07/20 10:04:24 | 000,171,872 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe -- (DDNIMSGService)
    SRV - [2010/05/20 14:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
    SRV - [2010/04/09 17:57:57 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2010/02/14 08:01:06 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/11/04 16:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Paused] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
    SRV - [2009/11/04 15:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
    SRV - [2009/10/29 06:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
    SRV - [2009/10/28 11:50:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
    SRV - [2009/09/22 10:16:32 | 000,579,400 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
    SRV - [2009/08/14 06:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
    SRV - [2009/07/14 06:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
    SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\windows\System32\IgrsSvcs.exe -- (ReadyComm.DirectRouter)
    SRV - [2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\System32\IgrsSvcs.exe -- (PS_MDP)
    SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
    SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
    SRV - [2009/06/18 11:59:48 | 001,349,912 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
    SRV - [2009/06/04 11:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
    SRV - [2008/01/11 09:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
    SRV - [2007/09/07 10:40:04 | 001,373,480 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Wacom_Tablet.exe -- (TabletServiceWacom)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/05/20 14:27:26 | 001,961,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX3000.sys -- (VX3000)
    DRV - [2009/12/09 17:44:31 | 000,054,800 | ---- | M] () [Kernel | System | Running] -- C:\windows\System32\drivers\funfrm.sys -- (funfrm)
    DRV - [2009/11/04 16:54:12 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2009/11/04 16:54:12 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2009/11/04 16:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
    DRV - [2009/11/04 16:54:12 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2009/11/04 16:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
    DRV - [2009/09/14 10:04:28 | 000,217,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2009/07/28 13:09:36 | 000,063,240 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdbridge.sys -- (Bridge0)
    DRV - [2009/07/21 13:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd)
    DRV - [2009/07/16 04:37:14 | 000,011,792 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WDMirror.sys -- (wdmirror)
    DRV - [2009/07/13 15:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
    DRV - [2009/07/13 15:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2009/07/13 14:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
    DRV - [2009/07/13 14:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
    DRV - [2009/06/19 08:18:26 | 000,168,704 | ---- | M] (SMI) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMIksdrv.sys -- (usbsmi)
    DRV - [2009/06/14 18:46:22 | 000,475,648 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
    DRV - [2009/05/19 05:43:08 | 000,021,520 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
    DRV - [2009/04/09 06:23:02 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
    DRV - [2008/08/06 04:34:16 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2007/02/16 11:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
    DRV - [2007/02/16 10:30:12 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
    DRV - [2007/02/15 16:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVKHid.sys -- (WacomVKHid)
    DRV - [2006/11/10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
    DRV - [2005/09/23 21:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startnow.com/?src=startp...b63d&browser=IE&os=win&os_version=6.1-x86-SP0
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = DE 1E C5 02 F7 73 5D 41 96 2D 3E 15 3F 14 EC 52 [binary data]
    IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultthis.engineName: "Veoh Web Player Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
    FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.7
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {b8dfb75b-7677-4af9-8bd7-8a59252c07ff}:1.0
    FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.7
    FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.20.00
    FF - prefs.js..extensions.enabledItems: {d0e069e9-5356-44c8-978d-bbded70f2bb8}:1.0
    FF - prefs.js..extensions.enabledItems: {021a4511-3e83-413b-8866-33aea6861b4a}:1.0
    FF - prefs.js..extensions.enabledItems: {dfcc1bf1-a0cf-4ef9-92a2-1f30dda918b5}:1.0
    FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126
    FF - prefs.js..extensions.enabledItems: {4b151e38-c5e9-4a91-9b09-de0251ca8f38}:1.0
    FF - prefs.js..keyword.URL: "http://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z095&partner_id=667&product_id=636&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110722&user_guid=B1D4A0B552094CC9AFC2783D9CA01B2C&machine_id=d8a85fe37134c5c894feb59d264fb63d&browser=FF&os=win&os_version=6.1-x86-SP0&q="

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Rebecca\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Rebecca\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Rebecca\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Rebecca\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/02 16:08:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/09 16:37:25 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/09/19 13:22:02 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/22 15:19:23 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/22 15:19:23 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/02 16:08:28 | 000,000,000 | ---D | M]

    [2010/02/09 04:33:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rebecca\AppData\Roaming\Mozilla\Extensions
    [2011/12/22 14:16:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\1st9cd76.default\extensions
    [2011/09/17 08:58:50 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\1st9cd76.default\extensions\{021a4511-3e83-413b-8866-33aea6861b4a}
    [2011/11/23 17:05:51 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\1st9cd76.default\extensions\{4b151e38-c5e9-4a91-9b09-de0251ca8f38}
    [2010/05/03 16:19:46 | 000,000,000 | ---D | M] (HyperCam Toolbar) -- C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\1st9cd76.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
    [2011/11/18 21:24:10 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\1st9cd76.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
    [2011/06/09 16:35:41 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\1st9cd76.default\extensions\{b8dfb75b-7677-4af9-8bd7-8a59252c07ff}
    [2011/11/18 21:24:10 | 000,000,000 | ---D | M] (Easy YouTube Video Downloader) -- C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\1st9cd76.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
    [2011/09/04 16:54:05 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\1st9cd76.default\extensions\{d0e069e9-5356-44c8-978d-bbded70f2bb8}
    [2011/09/21 16:10:13 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\1st9cd76.default\extensions\{dfcc1bf1-a0cf-4ef9-92a2-1f30dda918b5}
    [2011/08/15 21:30:42 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\1st9cd76.default\extensions\plugin@yontoo.com
    [2011/07/22 13:00:58 | 000,002,259 | ---- | M] () -- C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\1st9cd76.default\searchplugins\bing-zugo.xml
    [2011/03/21 13:46:56 | 000,000,933 | ---- | M] () -- C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\1st9cd76.default\searchplugins\conduit.xml
    [2011/09/01 16:22:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/01/13 07:30:23 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010/06/11 12:37:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/10/27 20:13:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/09/19 13:22:02 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
    [2010/03/02 16:08:28 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
    [2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Rebecca\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Rebecca\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Rebecca\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Rebecca\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Rebecca\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Rebecca\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: Turn Off the Lights = C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.0.0.31_0\
    CHR - Extension: YouTube = C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
    CHR - Extension: Google Search = C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
    CHR - Extension: SiteAdvisor = C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\
    CHR - Extension: Gmail = C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

    O1 HOSTS File: ([2012/01/06 13:25:59 | 000,001,626 | RH-- | M]) - C:\Windows\System32\drivers\etc\hosts
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
    O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()