TechSpot

Yet another infected with a virus attacking svchost.exe

Solved
By A_Wisdom
Sep 21, 2012
  1. A_Wisdom

    A_Wisdom TS Rookie Topic Starter Posts: 36

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-09-2012
    Ran by SYSTEM at 23-09-2012 17:43:58
    Running from I:\
    Windows 7 Home Premium (X86) OS Language: English(US)
    The current controlset is ControlSet001
    ==================== Registry (Whitelisted) ===================
    HKLM\...\Run: [] [x]
    HKLM\...\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2595792 2008-04-09] (Acronis)
    HKLM\...\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [642856 2008-12-12] (Cisco Systems, Inc.)
    HKLM\...\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" [1778064 2010-07-21] (Microsoft Corporation)
    HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [1821576 2011-08-01] (Microsoft Corporation)
    HKLM\...\Run: [HP KEYBOARDg] "C:\Program Files\Hewlett-Packard\HP Wireless Elite Desktop\HPKEYBOARDg.EXE" [701592 2009-07-23] (Hewlett-Packard)
    HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
    HKLM\...\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [1884160 2007-03-20] (Adobe Systems Incorporated)
    HKLM\...\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [909208 2008-04-09] (Acronis)
    HKLM\...\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [136472 2008-04-09] (Acronis)
    HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
    HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
    HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
    HKU\HP_Owner\...\Run: [AdobeBridge] [x]
    HKU\HP_Owner\...\Run: [TrayStatus] "C:\Program Files\TrayStatus\TrayStatus.exe" [283032 2011-05-18] (Binary Fortress Software)
    HKU\HP_Owner\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet [6591800 2012-02-22] (Yahoo! Inc.)
    HKU\HP_Owner\...\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2011-06-20] (Hewlett-Packard Company)
    HKU\HP_Owner\...\Run: [DriverFinder] C:\Program Files\DriverFinder\DriverFinder.exe [7811592 2009-12-16] ()
    HKU\HP_Owner\...\Run: [Desktop Software] "C:\Program Files\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden [1025320 2009-04-24] (SupportSoft, Inc.)
    HKU\HP_Owner\...\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe" [545552 2012-08-25] (SANDBOXIE L.T.D)
    Winlogon\Notify\PFW:
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 75.75.75.75 75.75.76.76
    Lsa: [Authentication Packages] msv1_0 relog_ap
    ==================== Services (Whitelisted) ===================
    2 AcrSch2Svc; "C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe" [431384 2008-04-09] (Acronis)
    2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)
    2 Autodesk Content Service; "C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe" [18656 2011-02-02] ()
    2 BotkindSyncService; C:\Program Files\Allway Sync\Bin\SyncService.exe service [182784 2012-05-14] ()
    3 FLEXnet Licensing Service; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [1044816 2012-03-31] (Flexera Software, Inc.)
    2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)
    2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)
    2 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
    3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [114144 2012-09-05] (Mozilla Foundation)
    2 nmservice; "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" [642856 2008-12-12] (Cisco Systems, Inc.)
    2 SbieSvc; "C:\Program Files\Sandboxie\SbieSvc.exe" [85776 2012-08-25] (SANDBOXIE L.T.D)
    3 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    2 TryAndDecideService; "C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe" [492896 2008-04-09] ()
    2 LinksysUpdater; "C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe" -s "C:\Program Files\Linksys\Linksys Updater\conf\wrapper.conf" [x]
    3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework\v4.0.21006\WPF\WPFFontCache_v0400.exe [x]
    ==================== Drivers (Whitelisted) ====================
    3 catchme; \??\C:\Users\HP_Owner\AppData\Local\Temp\catchme.sys [31744 2012-09-23] ()
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22856 2012-09-07] (Malwarebytes Corporation)
    3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21520 2010-07-21] (Microsoft Corporation)
    3 P1130VID; C:\Windows\System32\DRIVERS\P1130Vid.sys [90229 2004-05-04] (Creative Technology Ltd.)
    2 PEVSystemStart; "C:\A_Wisdom_Fix5437A\pev.3XE" EXEC /I "C:\A_Wisdom_Fix5437A\HIDEC.3XE" "C:\A_Wisdom_Fix5437A\SWREG.3XE" ACL "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Beep" /RESET /Q [518144 2000-08-30] (SteelWerX)
    2 pnarp; C:\Windows\System32\DRIVERS\pnarp.sys [24880 2008-12-12] (Cisco Systems, Inc.)
    2 purendis; C:\Windows\System32\DRIVERS\purendis.sys [26416 2008-12-12] (Cisco Systems, Inc.)
    3 SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [157776 2012-08-25] (SANDBOXIE L.T.D)
    0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [368480 2010-01-23] (Acronis)
    2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44384 2010-01-23] (Acronis)
    3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [22792 2009-09-11] (Logitech Inc.)
    3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [35592 2009-09-11] (Logitech Inc.)
    3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [14984 2009-09-11] (Logitech Inc.)
    3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [66056 2009-09-11] (Logitech Inc.)
    3 cpuz132; \??\C:\Users\HP_Owner\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [x]
    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========
    2012-09-23 12:46 - 2012-09-23 12:46 - 00000000 ___SD C:\A_Wisdom_Fix5437A
    2012-09-23 10:56 - 2012-09-23 10:58 - 00000000 ___SD C:\A_Wisdom_Fix
    2012-09-23 10:47 - 2012-09-23 10:47 - 01678240 ____A (Bleeping Computer, LLC) C:\Users\HP_Owner\Desktop\iExplore.exe
    2012-09-23 10:46 - 2012-09-23 10:46 - 04755721 ____R (Swearware) C:\Users\HP_Owner\Desktop\A_Wisdom_Fix.exe
    2012-09-22 23:23 - 2012-09-23 12:45 - 00006972 ____A C:\Users\HP_Owner\Desktop\Rkill.txt
    2012-09-22 20:46 - 2012-09-22 20:46 - 00000000 ____D C:\Qoobox
    2012-09-22 20:46 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
    2012-09-22 20:46 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
    2012-09-22 20:46 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2012-09-22 20:46 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2012-09-22 20:46 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2012-09-22 20:46 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
    2012-09-22 20:46 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
    2012-09-22 20:46 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
    2012-09-22 20:45 - 2012-09-22 20:45 - 00000000 ____D C:\Windows\erdnt
    2012-09-22 20:35 - 2012-09-22 20:35 - 01678240 ____A (Bleeping Computer, LLC) C:\Users\HP_Owner\Desktop\rkill.exe
    2012-09-22 16:36 - 2012-09-22 16:47 - 00000000 ____D C:\Users\HP_Owner\Desktop\RK_Quarantine
    2012-09-22 16:24 - 2011-01-01 00:14 - 00002254 ___RA C:\Users\HP_Owner\Desktop\eula.txt
    2012-09-22 13:03 - 2012-09-23 12:38 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-09-22 11:15 - 2012-09-22 11:16 - 00001533 ____A C:\Windows\pcsetup.log
    2012-09-22 11:14 - 2012-09-22 11:14 - 00002498 ____A C:\Windows\System32\FDInstall.log
    2012-09-22 08:29 - 2012-09-22 08:29 - 00000000 ____A C:\Users\HP_Owner\Desktop\New Text Document.txt
    2012-09-21 13:25 - 2012-09-21 13:25 - 00000870 ____A C:\Users\All Users\ltgubaa.tmp
    2012-09-21 13:25 - 2012-09-21 13:25 - 00000869 ____A C:\Users\All Users\ktgubaa.tmp
    2012-09-21 13:18 - 2012-09-21 13:18 - 00000873 ____A C:\Users\All Users\bcfrhaa.tmp
    2012-09-21 13:11 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-09-21 13:11 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-09-21 13:11 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-09-21 13:11 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-09-21 13:11 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-09-21 13:11 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-09-21 13:11 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-09-21 13:11 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-09-21 13:11 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-09-21 13:11 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-09-21 13:11 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-09-21 13:11 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-09-21 13:11 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-09-21 13:11 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-09-21 13:11 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-09-21 13:11 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-09-21 12:15 - 2012-09-21 12:15 - 00607260 ____A (Swearware) C:\Users\HP_Owner\Downloads\dds.scr
    2012-09-20 13:47 - 2012-09-20 13:47 - 00000040 ____A C:\Users\HP_Owner\AppData\Roaming\mbam.context.scan
    2012-09-19 17:44 - 2012-09-19 17:44 - 00000872 ____A C:\Users\All Users\gpxbbaa.tmp
    2012-09-19 17:44 - 2012-09-19 17:44 - 00000862 ____A C:\Users\All Users\hpxbbaa.tmp
    2012-09-19 16:44 - 2012-09-19 16:44 - 223850095 ____A C:\Windows\MEMORY.DMP
    2012-09-19 16:44 - 2012-09-19 16:44 - 00146088 ____A C:\Windows\Minidump\091912-16738-01.dmp
    2012-09-19 15:07 - 2012-09-19 15:07 - 00000000 ____D C:\Program Files\ESET
    2012-09-19 14:36 - 2012-09-19 14:36 - 00000000 ____D C:\Users\HP_Owner\AppData\Local\Macromedia
    2012-09-19 12:52 - 2012-09-19 12:52 - 00000000 ____D C:\Program Files\Common Files\Java
    2012-09-19 12:51 - 2012-09-19 12:50 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2012-09-19 12:40 - 2012-09-19 17:41 - 00000000 ____D C:\Program Files\PC Cleanup Utility
    2012-09-19 12:40 - 2012-09-19 12:40 - 00000000 ____D C:\Users\HP_Owner\AppData\Local\PC Cleanup Utility Inc
    2012-09-19 12:40 - 2012-09-19 12:40 - 00000000 ____D C:\Users\All Users\PC Cleanup Utility Inc
    2012-09-19 12:40 - 2012-09-19 12:40 - 00000000 ____D C:\Users\All Users\Browser Manager
    2012-09-19 09:27 - 2012-09-19 09:27 - 00000005 ____A C:\0.bak
    2012-09-18 16:17 - 2012-09-18 16:17 - 00001184 ____A C:\Windows\IE9_main.log
    2012-09-17 05:52 - 2012-09-23 16:33 - 00001960 ____A C:\Windows\setupact.log
    2012-09-17 05:52 - 2012-09-23 15:53 - 00084848 ____A C:\Windows\PFRO.log
    2012-09-17 05:52 - 2012-09-17 05:52 - 00000000 ____A C:\Windows\setuperr.log
    2012-09-16 16:42 - 2012-09-16 16:42 - 00000000 ____D C:\sh4ldr
    2012-09-16 16:42 - 2012-09-16 16:42 - 00000000 ____D C:\Program Files\Enigma Software Group
    2012-09-16 13:07 - 2012-09-23 16:33 - 00000498 ____A C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job
    2012-09-16 11:50 - 2012-08-22 09:16 - 01292144 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-09-16 11:50 - 2012-08-22 09:16 - 00712048 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
    2012-09-16 11:50 - 2012-08-22 09:16 - 00240496 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2012-09-16 11:50 - 2012-08-22 09:16 - 00187760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
    2012-09-16 11:50 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
    2012-09-16 11:50 - 2012-07-04 11:45 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
    2012-09-15 19:33 - 2012-09-15 19:33 - 00000000 ____D C:\Motorola
    2012-09-15 19:06 - 2012-09-22 12:37 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2012-09-15 19:06 - 2012-09-16 19:37 - 00000000 ____D C:\Users\HP_Owner\AppData\Roaming\Malwarebytes
    2012-09-15 19:06 - 2012-09-15 19:06 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-09-15 19:06 - 2012-09-07 16:04 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-15 18:58 - 2012-09-22 13:04 - 00002224 ____A C:\Windows\Sandboxie.ini
    2012-09-15 18:49 - 2012-09-15 18:49 - 00001760 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-09-15 18:49 - 2012-08-21 12:01 - 00026840 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
    2012-09-15 18:48 - 2012-09-15 18:49 - 00000000 ____D C:\Users\All Users\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2012-09-15 18:48 - 2012-09-15 18:49 - 00000000 ____D C:\Program Files\iTunes
    2012-09-15 18:48 - 2012-09-15 18:48 - 00000000 ____D C:\Program Files\iPod
    2012-09-15 15:04 - 2012-09-15 15:04 - 00000000 ____D C:\Users\HP_Owner\AppData\Roaming\SUPERAntiSpyware.com
    2012-09-15 15:04 - 2012-09-15 15:04 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
    2012-09-02 13:00 - 2012-09-15 17:19 - 00000000 ____D C:\Users\HP_Owner\AppData\Roaming\xsecva
    2012-09-02 12:58 - 2012-09-15 17:19 - 00000000 ____D C:\Users\HP_Owner\AppData\Local\{E30CF1F5-F540-11E1-8270-B8AC6F996F26}
    2012-09-02 12:58 - 2012-09-15 16:43 - 00000000 ____A C:\Users\HP_Owner\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
    2012-09-01 12:30 - 2012-09-03 18:16 - 00000000 ____D C:\Users\HP_Owner\AppData\Local\Xobni
    2012-09-01 12:29 - 2012-09-15 17:19 - 00000000 ____D C:\Program Files\Xobni
    2012-08-31 10:17 - 2012-08-31 10:17 - 00000380 ____A C:\edu.bmp
    2012-08-29 16:13 - 2012-09-21 17:31 - 00000000 ____D C:\Users\HP_Owner\Desktop\2012-08-29 AW_Card
    2012-08-29 13:07 - 2012-08-29 13:07 - 00000304 ____A C:\dir.bmp
    2012-08-28 23:36 - 2012-08-28 23:37 - 17789456 ____A (Mozilla) C:\Users\HP_Owner\Downloads\Firefox Setup 15.0.exe
    2012-08-28 20:11 - 2012-08-29 22:54 - 00000000 ____D C:\Users\HP_Owner\Desktop\Galeries
    2012-08-25 21:34 - 2012-08-25 21:34 - 00000000 ____D C:\Users\HP_Owner\AppData\Roaming\Nero
    2012-08-25 21:01 - 2012-09-15 17:19 - 00000000 ____D C:\Sandbox
    2012-08-25 20:58 - 2012-09-15 18:57 - 00000000 ____D C:\Program Files\Sandboxie
    2012-08-25 20:45 - 2012-08-25 20:45 - 16476616 ____A (Microsoft Corporation) C:\Users\HP_Owner\Downloads\Windows-KB890830-V4.11 (1).exe
    2012-08-25 20:31 - 2012-09-15 19:03 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2012-08-25 20:31 - 2012-08-25 20:31 - 00000000 ____D C:\Users\All Users\Mozilla
    2012-08-25 12:38 - 2012-09-15 17:19 - 00000000 ____D C:\Users\All Users\036DFF8502FA96D5026EDA02F875F020
    2012-08-24 11:10 - 2012-08-24 14:45 - 00000000 ____D C:\fcbce6b505fad7c66dd8138645

    ==================== 3 Months Modified Files ==================
    2012-09-23 16:33 - 2012-09-17 05:52 - 00001960 ____A C:\Windows\setupact.log
    2012-09-23 16:33 - 2012-09-16 13:07 - 00000498 ____A C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job
    2012-09-23 16:33 - 2012-08-13 06:05 - 00000384 ____A C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
    2012-09-23 16:33 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-09-23 16:25 - 2010-01-23 14:18 - 00823948 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-09-23 16:21 - 2010-01-23 13:48 - 01741533 ____A C:\Windows\WindowsUpdate.log
    2012-09-23 16:13 - 2009-07-13 20:34 - 00013760 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-09-23 16:13 - 2009-07-13 20:34 - 00013760 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-09-23 15:53 - 2012-09-17 05:52 - 00084848 ____A C:\Windows\PFRO.log
    2012-09-23 12:45 - 2012-09-22 23:23 - 00006972 ____A C:\Users\HP_Owner\Desktop\Rkill.txt
    2012-09-23 12:38 - 2012-09-22 13:03 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-09-23 11:41 - 2012-04-15 23:31 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-09-23 10:47 - 2012-09-23 10:47 - 01678240 ____A (Bleeping Computer, LLC) C:\Users\HP_Owner\Desktop\iExplore.exe
    2012-09-23 10:46 - 2012-09-23 10:46 - 04755721 ____R (Swearware) C:\Users\HP_Owner\Desktop\A_Wisdom_Fix.exe
    2012-09-22 20:35 - 2012-09-22 20:35 - 01678240 ____A (Bleeping Computer, LLC) C:\Users\HP_Owner\Desktop\rkill.exe
    2012-09-22 17:00 - 2012-03-31 16:56 - 00000474 ____A C:\Windows\Tasks\SpeedyPC Registration3.job
    2012-09-22 13:04 - 2012-09-15 18:58 - 00002224 ____A C:\Windows\Sandboxie.ini
    2012-09-22 11:17 - 2011-09-03 02:02 - 00229228 ____A C:\Windows\System32\Drivers\KmxAgent.asc
    2012-09-22 11:16 - 2012-09-22 11:15 - 00001533 ____A C:\Windows\pcsetup.log
    2012-09-22 11:14 - 2012-09-22 11:14 - 00002498 ____A C:\Windows\System32\FDInstall.log
    2012-09-22 08:29 - 2012-09-22 08:29 - 00000000 ____A C:\Users\HP_Owner\Desktop\New Text Document.txt
    2012-09-21 13:25 - 2012-09-21 13:25 - 00000870 ____A C:\Users\All Users\ltgubaa.tmp
    2012-09-21 13:25 - 2012-09-21 13:25 - 00000869 ____A C:\Users\All Users\ktgubaa.tmp
    2012-09-21 13:18 - 2012-09-21 13:18 - 00000873 ____A C:\Users\All Users\bcfrhaa.tmp
    2012-09-21 12:15 - 2012-09-21 12:15 - 00607260 ____A (Swearware) C:\Users\HP_Owner\Downloads\dds.scr
    2012-09-20 18:41 - 2012-04-15 23:31 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2012-09-20 18:41 - 2011-05-15 13:03 - 00073136 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2012-09-20 13:47 - 2012-09-20 13:47 - 00000040 ____A C:\Users\HP_Owner\AppData\Roaming\mbam.context.scan
    2012-09-20 07:35 - 2012-03-31 16:56 - 00000446 ____A C:\Windows\Tasks\SpeedyPC Update Version3.job
    2012-09-20 02:00 - 2012-03-31 21:12 - 00000388 ____A C:\Windows\Tasks\ErrorEND.job
    2012-09-19 17:44 - 2012-09-19 17:44 - 00000872 ____A C:\Users\All Users\gpxbbaa.tmp
    2012-09-19 17:44 - 2012-09-19 17:44 - 00000862 ____A C:\Users\All Users\hpxbbaa.tmp
    2012-09-19 16:44 - 2012-09-19 16:44 - 223850095 ____A C:\Windows\MEMORY.DMP
    2012-09-19 16:44 - 2012-09-19 16:44 - 00146088 ____A C:\Windows\Minidump\091912-16738-01.dmp
    2012-09-19 12:50 - 2012-09-19 12:51 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2012-09-19 09:27 - 2012-09-19 09:27 - 00000005 ____A C:\0.bak
    2012-09-18 16:17 - 2012-09-18 16:17 - 00001184 ____A C:\Windows\IE9_main.log
    2012-09-18 16:06 - 2012-04-01 18:13 - 00013338 ____A C:\0
    2012-09-17 17:53 - 2009-07-13 20:53 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-09-17 05:52 - 2012-09-17 05:52 - 00000000 ____A C:\Windows\setuperr.log
    2012-09-16 19:12 - 2010-01-23 14:44 - 62164608 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-09-16 08:03 - 2012-03-31 16:56 - 00000402 ____A C:\Windows\Tasks\SpeedyPC Pro.job
    2012-09-15 18:49 - 2012-09-15 18:49 - 00001760 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-09-15 16:43 - 2012-09-02 12:58 - 00000000 ____A C:\Users\HP_Owner\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
    2012-09-07 16:04 - 2012-09-15 19:06 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-08-31 10:17 - 2012-08-31 10:17 - 00000380 ____A C:\edu.bmp
    2012-08-29 13:07 - 2012-08-29 13:07 - 00000304 ____A C:\dir.bmp
    2012-08-28 23:37 - 2012-08-28 23:36 - 17789456 ____A (Mozilla) C:\Users\HP_Owner\Downloads\Firefox Setup 15.0.exe
    2012-08-25 20:45 - 2012-08-25 20:45 - 16476616 ____A (Microsoft Corporation) C:\Users\HP_Owner\Downloads\Windows-KB890830-V4.11 (1).exe
    2012-08-23 23:27 - 2012-09-21 13:11 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-23 23:03 - 2012-09-21 13:11 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-23 22:59 - 2012-09-21 13:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-08-23 22:51 - 2012-09-21 13:11 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-08-23 22:51 - 2012-09-21 13:11 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-23 22:51 - 2012-09-21 13:11 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-23 22:49 - 2012-09-21 13:11 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-08-23 22:48 - 2012-09-21 13:11 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-23 22:47 - 2012-09-21 13:11 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-08-23 22:47 - 2012-09-21 13:11 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-08-23 22:47 - 2012-09-21 13:11 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-23 22:45 - 2012-09-21 13:11 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-08-23 22:44 - 2012-09-21 13:11 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-23 22:44 - 2012-09-21 13:11 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-23 22:43 - 2012-09-21 13:11 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-23 22:40 - 2012-09-21 13:11 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-08-22 09:16 - 2012-09-16 11:50 - 01292144 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-08-22 09:16 - 2012-09-16 11:50 - 00712048 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
    2012-08-22 09:16 - 2012-09-16 11:50 - 00240496 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2012-08-22 09:16 - 2012-09-16 11:50 - 00187760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
    2012-08-21 12:01 - 2012-09-15 18:49 - 00026840 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
    2012-08-21 12:01 - 2011-11-03 23:22 - 00106928 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi.dll
    2012-08-15 20:43 - 2012-08-15 20:43 - 01688511 ____A C:\Users\HP_Owner\Desktop\Horvitz Elevs.dwg
    2012-08-15 20:43 - 2012-08-15 20:43 - 01328113 ____A C:\Users\HP_Owner\Desktop\Horvitz - Details.dwg
    2012-08-15 20:22 - 2009-07-13 20:33 - 04112744 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-08-13 06:25 - 2012-07-30 21:11 - 04503728 ___AT C:\Users\All Users\ras_0oed.pad
    2012-08-09 11:27 - 2012-08-09 11:27 - 00001562 ____A C:\Users\HP_Owner\Desktop\Network Drives.lnk
    2012-08-09 10:29 - 2012-08-08 13:57 - 19581440 ____A (Netgear Inc.) C:\Users\HP_Owner\Documents\RAIDar_Win.exe
    2012-08-02 08:57 - 2012-09-16 11:50 - 00490496 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
    2012-07-26 14:05 - 2012-07-26 14:05 - 01290089 ____A C:\Users\HP_Owner\Desktop\SITEPLAN.DWG
    2012-07-18 09:47 - 2012-08-15 06:37 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-10 12:30 - 2009-07-13 18:04 - 00000499 ____A C:\Windows\win.ini
    2012-07-04 13:16 - 2012-08-15 06:37 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2012-07-04 13:14 - 2012-08-15 06:37 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
    2012-07-04 13:14 - 2012-08-15 06:37 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
    2012-07-04 11:45 - 2012-09-16 11:50 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys

    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================
    C:\Windows\explorer.exe
    [2011-04-27 09:37] - [2010-11-20 04:21] - 2640896 ____A (Microsoft Corporation) C2D18B7A36CF417AD78A5CE153636D60
    C:\Windows\System32\winlogon.exe
    [2011-07-09 07:56] - [2010-11-20 04:21] - 0311296 ____A (Microsoft Corporation) 187867056AE4C401DE297E6A2BD4FABE
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe
    [2009-07-13 15:19] - [2010-11-20 04:21] - 0045568 ____A (Microsoft Corporation) 32CF5E31B02C0709D92C0B95948D2B22
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points =========================
    Restore point made on: 2012-09-16 14:05:25
    Restore point made on: 2012-09-16 14:24:07
    Restore point made on: 2012-09-16 14:41:48
    Restore point made on: 2012-09-16 19:12:19
    Restore point made on: 2012-09-16 21:39:21
    Restore point made on: 2012-09-17 05:49:05
    Restore point made on: 2012-09-17 22:56:47
    Restore point made on: 2012-09-17 23:03:40
    Restore point made on: 2012-09-18 17:07:13
    Restore point made on: 2012-09-19 09:27:12
    Restore point made on: 2012-09-19 10:38:43
    Restore point made on: 2012-09-19 12:50:19
    Restore point made on: 2012-09-19 14:37:43
    Restore point made on: 2012-09-21 13:11:26
    Restore point made on: 2012-09-22 11:16:00
    Restore point made on: 2012-09-22 20:42:06
    Restore point made on: 2012-09-23 12:24:46
    ==================== Memory info ===========================
    Percentage of memory in use: 23%
    Total physical RAM: 2009.55 MB
    Available physical RAM: 1541.77 MB
    Total Pagefile: 2009.55 MB
    Available Pagefile: 1553.25 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1970.3 MB
    ==================== Partitions =============================
    1 Drive c: (Desktop) (Fixed) (Total:232.89 GB) (Free:145.59 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: (GRMCHPFRER_EN_DVD) (CDROM) (Total:2.33 GB) (Free:0 GB) UDF
    7 Drive I: (UDISK) (Removable) (Total:7.63 GB) (Free:0.74 GB) FAT32
    10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 232 GB 0 B
    Disk 1 No Media 0 B 0 B
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 Online 7830 MB 0 B
    Disk 6 No Media 0 B 0 B
    Disk 7 No Media 0 B 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 232 GB 31 KB
    =========================================================
    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C Desktop NTFS Partition 232 GB Healthy
    =========================================================
    Partitions of Disk 5:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7827 MB 2784 KB
    =========================================================
    Disk: 5
    Partition 1
    Type : 0C
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 6 I UDISK FAT32 Removable 7827 MB Healthy
    =========================================================
    Last Boot: 2012-09-16 01:08
    ==================== End Of Log ============================
     
  2. A_Wisdom

    A_Wisdom TS Rookie Topic Starter Posts: 36

    Farbar Recovery Scan Tool (x86) Version: 22-09-2012
    Ran by SYSTEM at 2012-09-23 17:46:04
    Running from I:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
    [2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
    C:\Windows\System32\services.exe
    [2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
    === End Of Search ===
     
  3. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    Download the attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next...

    Restart normally, create a new restore point and see if Combofix will run.
     


  4. A_Wisdom

    A_Wisdom TS Rookie Topic Starter Posts: 36

    Not sure if I ran the Fix correctly. It seemed to run fine, but still can't get Combofix to complete. After I ran the fix in FRST, I rebooted to normal and ran Combofix. It locked after 5 minutes, but I let it go for 40 minutes before I rebooted. I booted to Safe Mode and ran Combofix again. This time the clock didn't lock up for 28 minutes. After 35 minutes I rebooted and came to post.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 22-09-2012
    Ran by SYSTEM at 2012-09-23 19:20:48 Run:1
    Running from I:\
    ==============================================
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
    C:\Users\All Users\ltgubaa.tmp moved successfully.
    C:\Users\All Users\ktgubaa.tmp moved successfully.
    C:\Users\All Users\bcfrhaa.tmp moved successfully.
    C:\Users\All Users\gpxbbaa.tmp moved successfully.
    C:\Users\All Users\hpxbbaa.tmp moved successfully.
    C:\Windows\System32\svchost.exe moved successfully.
    C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe copied successfully to C:\Windows\System32\svchost.exe
    C:\Windows\System32\winlogon.exe moved successfully.
    C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe copied successfully to C:\Windows\System32\winlogon.exe
    C:\Windows\explorer.exe moved successfully.
    C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe copied successfully to C:\Windows\explorer.exe
    ==== End of Fixlog ====
     
  5. A_Wisdom

    A_Wisdom TS Rookie Topic Starter Posts: 36

    Just as a note:
    I just ran a Google search and was NOT redirected after clicking a link ----- that's a HUGE improvement!
    Nor am I getting the constant pop-up from Malwarebytes telling me it has successfully blocked an IP address ---- another HUGE improvement!
     
  6. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    Very good :)

    Give me fresh RogueKiller and rKill logs.
     
  7. A_Wisdom

    A_Wisdom TS Rookie Topic Starter Posts: 36

    RogueKiller V8.0.4 [09/19/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : HP_Owner [Admin rights]
    Mode : Scan -- Date : 09/24/2012 09:47:54
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 1 ¤¤¤
    [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [LOADED] ¤¤¤
    _INLINE_ : NtTraceEvent -> HOOKED (Unknown @ 0x8311063A)
    ¤¤¤ Infection : ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    [...]

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: ST3250318AS ATA Device +++++
    --- User ---
    [MBR] 6e7de95dad4e19bb7e44c88b8c00d346
    [BSP] cd27ed3eb96aab5c994ff939e1f9cca6 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238475 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[1].txt >>
    RKreport[1].txt
     
  8. A_Wisdom

    A_Wisdom TS Rookie Topic Starter Posts: 36

    RogueKiller V8.0.4 [09/19/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : HP_Owner [Admin rights]
    Mode : Remove -- Date : 09/24/2012 09:48:11
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 1 ¤¤¤
    [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [LOADED] ¤¤¤
    _INLINE_ : NtTraceEvent -> HOOKED (Unknown @ 0x8311063A)
    ¤¤¤ Infection : ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    [...]

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: ST3250318AS ATA Device +++++
    --- User ---
    [MBR] 6e7de95dad4e19bb7e44c88b8c00d346
    [BSP] cd27ed3eb96aab5c994ff939e1f9cca6 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238475 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
     
  9. A_Wisdom

    A_Wisdom TS Rookie Topic Starter Posts: 36

    Rkill 2.4.3 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2012 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html
    Program started at: 09/24/2012 09:53:42 AM in x86 mode.
    Windows Version: Windows 7 Home Premium Service Pack 1
    Checking for Windows services to stop:
    * No malware services found to stop.
    Checking for processes to terminate:
    * No malware processes found to kill.
    Checking Registry for malware related settings:
    * No issues found in the Registry.
    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
    Performing miscellaneous checks:
    * No issues found.
    Checking Windows Service Integrity:
    * No issues found.
    Searching for Missing Digital Signatures:
    * No issues found.
    Checking HOSTS File:
    * HOSTS file entries found:
    20 out of 15123 HOSTS entries shown.
    Please review HOSTS file for further entries.
    Program finished at: 09/24/2012 09:53:48 AM
    Execution time: 0 hours(s), 0 minute(s), and 5 seconds(s)
     
  10. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    Very good :)

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  11. A_Wisdom

    A_Wisdom TS Rookie Topic Starter Posts: 36

    OTL logfile created on: 9/24/2012 10:08:20 AM - Run 1
    OTL by OldTimer - Version 3.2.66.2 Folder = C:\Users\HP_Owner\Desktop
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.96 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 64.51% Memory free
    3.92 Gb Paging File | 2.95 Gb Available in Paging File | 75.16% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 232.89 Gb Total Space | 145.51 Gb Free Space | 62.48% Space Free | Partition Type: NTFS

    Computer Name: DESKTOP | User Name: HP_Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/09/24 10:06:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HP_Owner\Desktop\OTL.exe
    PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/08/25 13:27:58 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
    PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/05/14 14:46:14 | 000,182,784 | ---- | M] () -- C:\Program Files\Allway Sync\Bin\SyncService.exe
    PRC - [2011/12/06 14:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
    PRC - [2011/12/06 14:00:14 | 000,214,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
    PRC - [2011/05/18 09:32:50 | 000,283,032 | ---- | M] (Binary Fortress Software) -- C:\Program Files\TrayStatus\TrayStatus.exe
    PRC - [2011/02/02 14:08:16 | 000,018,656 | ---- | M] () -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
    PRC - [2010/11/20 05:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/07/23 16:24:32 | 000,701,592 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Wireless Elite Desktop\HPKEYBOARDg.EXE
    PRC - [2009/03/27 23:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
    PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    PRC - [2008/04/09 22:42:00 | 000,492,896 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
    PRC - [2008/04/09 21:23:22 | 000,909,208 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    PRC - [2008/04/09 21:14:28 | 000,136,472 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    PRC - [2008/04/09 21:14:18 | 000,431,384 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    PRC - [2008/04/09 21:11:24 | 002,595,792 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/06/13 20:55:58 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
    MOD - [2012/06/13 20:55:50 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
    MOD - [2012/05/12 00:34:30 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/05/12 00:34:25 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2012/02/17 20:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
    MOD - [2011/12/06 14:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/06/17 11:46:04 | 008,626,176 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
    MOD - [2011/06/17 11:46:02 | 002,408,448 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
    MOD - [2011/06/17 11:46:02 | 000,212,992 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
    MOD - [2010/01/03 14:46:18 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
    MOD - [2008/12/12 18:11:26 | 000,148,480 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
    MOD - [2008/12/12 18:11:26 | 000,097,280 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
    MOD - [2008/04/09 19:46:56 | 001,328,408 | ---- | M] () -- C:\Program Files\Acronis\TrueImageHome\fox.dll


    ========== Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.21006\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)
    SRV - [2012/09/20 19:42:03 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/09/05 18:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/08/25 13:27:58 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
    SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/05/14 14:46:14 | 000,182,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Allway Sync\Bin\SyncService.exe -- (BotkindSyncService)
    SRV - [2012/03/31 23:22:05 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2011/12/06 14:00:14 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
    SRV - [2011/06/25 23:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\A_Wisdom_Fix12817A\pev.3XE -- (PEVSystemStart)
    SRV - [2011/02/02 14:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
    SRV - [2010/11/20 05:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2010/11/20 05:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
    SRV - [2010/11/20 05:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2010/05/07 18:23:01 | 000,390,952 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2010/03/04 19:15:11 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2009/11/06 12:58:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/03/27 23:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
    SRV - [2008/11/13 12:43:49 | 000,204,800 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
    SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/04/09 22:42:00 | 000,492,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
    SRV - [2008/04/09 21:14:18 | 000,431,384 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
    SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\HP_Owner\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
    DRV - [2012/09/23 11:57:43 | 000,031,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\HP_Owner\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2012/08/25 13:27:54 | 000,157,776 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
    DRV - [2011/08/01 15:56:42 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
    DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/01/23 18:11:12 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
    DRV - [2010/01/23 18:11:12 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
    DRV - [2010/01/23 18:11:09 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
    DRV - [2010/01/23 18:11:05 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpman.sys -- (tdrpman)
    DRV - [2009/09/11 13:48:04 | 000,066,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
    DRV - [2009/09/11 13:47:54 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
    DRV - [2009/09/11 13:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
    DRV - [2009/09/11 13:47:22 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
    DRV - [2009/08/13 16:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2008/12/12 18:05:18 | 000,026,416 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
    DRV - [2008/12/12 18:05:18 | 000,024,880 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
    DRV - [2008/07/22 08:42:58 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
    DRV - [2004/05/04 06:48:00 | 000,090,229 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\P1130Vid.sys -- (P1130VID)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
    IE - HKU\.DEFAULT\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
    IE - HKU\S-1-5-18\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-844803567-2663946769-357207313-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKU\S-1-5-21-844803567-2663946769-357207313-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKU\S-1-5-21-844803567-2663946769-357207313-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Personal.htm
    IE - HKU\S-1-5-21-844803567-2663946769-357207313-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKU\S-1-5-21-844803567-2663946769-357207313-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-844803567-2663946769-357207313-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 19 65 0E 11 89 7C CB 01 [binary data]
    IE - HKU\S-1-5-21-844803567-2663946769-357207313-1001\..\SearchScopes,DefaultScope = {B1FA87B9-86EC-4D8B-8516-61214C576AE9}
    IE - HKU\S-1-5-21-844803567-2663946769-357207313-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-844803567-2663946769-357207313-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-844803567-2663946769-357207313-1001\..\SearchScopes\{73D67C89-8194-42FE-BAD4-7BC93ADC660C}: "URL" =
    IE - HKU\S-1-5-21-844803567-2663946769-357207313-1001\..\SearchScopes\{B1FA87B9-86EC-4D8B-8516-61214C576AE9}: "URL" = http://www.google.com/search?q={sea...tIndex?}&startPage={startPage}&rlz=1I7ADFA_en
    IE - HKU\S-1-5-21-844803567-2663946769-357207313-1001\..\SearchScopes\Comcast: "URL" = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search
    IE - HKU\S-1-5-21-844803567-2663946769-357207313-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-844803567-2663946769-357207313-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>;192.168.*.*

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: ieurwbofrk@ieurwbofrk.org:2.5
    FF - prefs.js..extensions.enabledItems: caaphishtoolbar@ca.com:2.0.0.108
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\HP_Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\caaphishtoolbar@ca.com: C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\Firefox
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/15 20:03:27 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/19 18:41:15 | 000,000,000 | ---D | M]

    [2010/11/04 17:59:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP_Owner\AppData\Roaming\mozilla\Extensions
    [2012/09/15 18:18:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP_Owner\AppData\Roaming\mozilla\Firefox\Profiles\0l621xpy.default\extensions
    [2012/09/15 18:19:35 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\HP_Owner\AppData\Roaming\mozilla\Firefox\Profiles\0l621xpy.default\extensions\crossriderapp2258@crossrider.com
    [2009/07/13 16:11:12 | 000,004,804 | ---- | M] () (No name found) -- C:\Users\HP_Owner\AppData\Roaming\mozilla\firefox\profiles\0l621xpy.default\extensions\ieurwbofrk@ieurwbofrk.org.xpi
    [2012/09/15 20:03:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/03/26 14:09:36 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2012/09/05 18:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/03/10 15:38:31 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2007/02/20 16:04:02 | 002,463,976 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
    [2012/09/05 18:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/09/05 18:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.71\gcswf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.71\pdf.dll
    CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\11.0.696.71\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.71\gears.dll
    CHR - plugin: getPlusPlus for Adobe 162103 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Unity Player (Enabled) = C:\Users\HP_Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin

    O1 HOSTS File: ([2011/12/04 12:21:44 | 000,439,065 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 15100 more lines...
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
    O2 - BHO: (Total Defense Anti-Phishing Toolbar Helper) - {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\toolbar\caIEToolbar.dll File not found
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
    O3 - HKLM\..\Toolbar: (Total Defense Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\toolbar\caIEToolbar.dll File not found
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Total Defense Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\toolbar\caIEToolbar.dll File not found
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Total Defense Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\toolbar\caIEToolbar.dll File not found
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-844803567-2663946769-357207313-1001\..\Toolbar\WebBrowser: (Total Defense Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\toolbar\caIEToolbar.dll File not found
    O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
    O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
    O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [HP KEYBOARDg] C:\Program Files\Hewlett-Packard\HP Wireless Elite Desktop\HPKEYBOARDg.EXE (Hewlett-Packard)
    O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
    O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
    O4 - HKU\S-1-5-21-844803567-2663946769-357207313-1001..\Run: [AdobeBridge] File not found
    O4 - HKU\S-1-5-21-844803567-2663946769-357207313-1001..\Run: [Desktop Software] C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
    O4 - HKU\S-1-5-21-844803567-2663946769-357207313-1001..\Run: [DriverFinder] C:\Program Files\DriverFinder\DriverFinder.exe ()
    O4 - HKU\S-1-5-21-844803567-2663946769-357207313-1001..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKU\S-1-5-21-844803567-2663946769-357207313-1001..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
    O4 - HKU\S-1-5-21-844803567-2663946769-357207313-1001..\Run: [TrayStatus] C:\Program Files\TrayStatus\TrayStatus.exe (Binary Fortress Software)
    O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe -update activex File not found
    O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe -update activex File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-844803567-2663946769-357207313-1001\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O16 - DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} http://utilities.pcpitstop.com/pctuneup2/controls/pctuneup.cab (VersionControl Class)
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F8DF6BB-15C2-4313-A248-9F99C49825F4}: DhcpNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF37EE73-94B3-4E01-BEA2-429DF2AD8003}: DhcpNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\PFW: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2012/04/01 19:25:58 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
    O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{49a28cfe-6251-11e1-990b-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{49a28cfe-6251-11e1-990b-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe
    O33 - MountPoints2\{49a28cfe-6251-11e1-990b-806e6f6e6963}\Shell\configure\command - "" = Autorun.exe.EXE
    O33 - MountPoints2\{49a28cfe-6251-11e1-990b-806e6f6e6963}\Shell\install\command - "" = Autorun.exe.EXE
    O33 - MountPoints2\{b26a6a8c-0868-11df-ab48-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{b26a6a8c-0868-11df-ab48-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AUTORUN.EXE
    O33 - MountPoints2\{b2cc4cc4-e189-11e1-aa19-00270e08c22c}\Shell - "" = AutoRun
    O33 - MountPoints2\{b2cc4cc4-e189-11e1-aa19-00270e08c22c}\Shell\AutoRun\command - "" = J:\setup.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/09/24 10:06:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\HP_Owner\Desktop\OTL.exe
    [2012/09/23 23:54:36 | 000,000,000 | ---D | C] -- C:\Users\HP_Owner\AppData\Roaming\Yahoo!
    [2012/09/23 20:36:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/09/23 20:09:08 | 000,000,000 | --SD | C] -- C:\A_Wisdom_Fix12817A
    [2012/09/23 18:43:33 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/09/23 13:46:14 | 000,000,000 | --SD | C] -- C:\A_Wisdom_Fix5437A
    [2012/09/23 11:56:46 | 000,000,000 | --SD | C] -- C:\A_Wisdom_Fix
    [2012/09/23 11:47:45 | 001,678,240 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\HP_Owner\Desktop\iExplore.exe
    [2012/09/23 11:46:57 | 004,755,721 | R--- | C] (Swearware) -- C:\Users\HP_Owner\Desktop\A_Wisdom_Fix.exe
    [2012/09/22 21:46:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/09/22 21:46:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/09/22 21:46:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/09/22 21:46:04 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/09/22 21:45:21 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/09/22 21:35:15 | 001,678,240 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\HP_Owner\Desktop\rkill.exe
    [2012/09/22 17:36:29 | 000,000,000 | ---D | C] -- C:\Users\HP_Owner\Desktop\RK_Quarantine
    [2012/09/19 22:18:15 | 000,000,000 | ---D | C] -- C:\Users\HP_Owner\Desktop\Temp
    [2012/09/19 16:07:47 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2012/09/19 15:36:17 | 000,000,000 | ---D | C] -- C:\Users\HP_Owner\AppData\Local\Macromedia
    [2012/09/19 13:52:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2012/09/19 13:40:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
    [2012/09/19 13:40:35 | 000,000,000 | ---D | C] -- C:\Users\HP_Owner\AppData\Local\PC Cleanup Utility Inc
    [2012/09/19 13:40:35 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Cleanup Utility Inc
    [2012/09/19 13:40:12 | 000,000,000 | ---D | C] -- C:\Program Files\PC Cleanup Utility
    [2012/09/19 10:31:30 | 000,000,000 | ---D | C] -- C:\Temp
    [2012/09/19 10:27:28 | 000,000,000 | ---D | C] -- C:\Windows\TEMP
    [2012/09/16 17:42:16 | 000,000,000 | ---D | C] -- C:\sh4ldr
    [2012/09/16 17:42:16 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
    [2012/09/15 20:33:35 | 000,000,000 | ---D | C] -- C:\Motorola
    [2012/09/15 20:06:36 | 000,000,000 | ---D | C] -- C:\Users\HP_Owner\AppData\Roaming\Malwarebytes
    [2012/09/15 20:06:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/09/15 20:06:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/09/15 20:06:18 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/09/15 20:06:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/09/15 19:57:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
    [2012/09/15 19:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/09/15 19:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/09/15 19:48:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/09/15 19:48:18 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2012/09/15 16:04:31 | 000,000,000 | ---D | C] -- C:\Users\HP_Owner\AppData\Roaming\SUPERAntiSpyware.com
    [2012/09/15 16:04:31 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2012/09/02 14:00:58 | 000,000,000 | ---D | C] -- C:\Users\HP_Owner\AppData\Roaming\xsecva
    [2012/09/02 13:58:02 | 000,000,000 | ---D | C] -- C:\Users\HP_Owner\AppData\Local\{E30CF1F5-F540-11E1-8270-B8AC6F996F26}
    [2012/09/01 13:30:36 | 000,000,000 | ---D | C] -- C:\Users\HP_Owner\AppData\Local\Xobni
    [2012/09/01 13:29:57 | 000,000,000 | ---D | C] -- C:\Program Files\Xobni
    [2012/08/29 17:13:30 | 000,000,000 | ---D | C] -- C:\Users\HP_Owner\Desktop\2012-08-29 AW_Card
    [2012/08/28 21:11:02 | 000,000,000 | ---D | C] -- C:\Users\HP_Owner\Desktop\Galeries
    [2012/08/25 22:34:38 | 000,000,000 | ---D | C] -- C:\Users\HP_Owner\AppData\Roaming\Nero
    [2012/08/25 22:01:27 | 000,000,000 | ---D | C] -- C:\Sandbox
    [2012/08/25 21:58:40 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
    [2012/08/25 21:31:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
    [2012/08/25 21:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
    [2012/08/25 13:38:45 | 000,000,000 | ---D | C] -- C:\ProgramData\036DFF8502FA96D5026EDA02F875F020
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/09/24 10:06:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HP_Owner\Desktop\OTL.exe
    [2012/09/24 09:47:03 | 000,013,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/09/24 09:47:03 | 000,013,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/09/24 09:44:11 | 000,693,800 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/09/24 09:44:11 | 000,130,732 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/09/24 09:41:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/09/24 09:39:46 | 000,000,498 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
    [2012/09/24 09:39:46 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
    [2012/09/24 09:39:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/09/24 09:39:39 | 1580,371,968 | -HS- | M] () -- C:\hiberfil.sys
    [2012/09/23 23:30:50 | 000,002,282 | ---- | M] () -- C:\Windows\Sandboxie.ini
    [2012/09/23 18:00:01 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
    [2012/09/23 13:38:31 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/09/23 11:47:45 | 001,678,240 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\HP_Owner\Desktop\iExplore.exe
    [2012/09/23 11:46:57 | 004,755,721 | R--- | M] (Swearware) -- C:\Users\HP_Owner\Desktop\A_Wisdom_Fix.exe
    [2012/09/22 21:35:15 | 001,678,240 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\HP_Owner\Desktop\rkill.exe
    [2012/09/22 17:22:49 | 001,388,032 | ---- | M] () -- C:\Users\HP_Owner\Desktop\RogueKiller.exe
    [2012/09/22 12:17:29 | 000,229,228 | ---- | M] () -- C:\Windows\System32\drivers\KmxAgent.asc
    [2012/09/21 14:18:40 | 000,046,343 | ---- | M] () -- C:\Users\HP_Owner\Desktop\2012 09 20 Stelmakh Proposal II.pdf
    [2012/09/20 14:47:01 | 000,000,040 | ---- | M] () -- C:\Users\HP_Owner\AppData\Roaming\mbam.context.scan
    [2012/09/20 08:35:08 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
    [2012/09/20 03:00:01 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\ErrorEND.job
    [2012/09/19 17:44:02 | 223,850,095 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/09/19 16:25:25 | 000,951,913 | ---- | M] () -- C:\Users\HP_Owner\Desktop\A_Wisdom Examples_2012.pdf
    [2012/09/19 15:52:00 | 000,503,893 | ---- | M] () -- C:\Users\HP_Owner\Desktop\A_Wisdom References_2012.pdf
    [2012/09/19 15:51:30 | 000,751,719 | ---- | M] () -- C:\Users\HP_Owner\Desktop\A_Wisdom Resume_2012.pdf
    [2012/09/19 15:46:08 | 000,545,455 | ---- | M] () -- C:\Users\HP_Owner\Desktop\A_Wisdom Cover AIA.pdf
    [2012/09/19 10:27:18 | 000,000,005 | ---- | M] () -- C:\0.bak
    [2012/09/18 17:06:44 | 000,013,338 | ---- | M] () -- C:\0
    [2012/09/16 09:03:49 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
    [2012/09/15 20:04:47 | 000,002,001 | ---- | M] () -- C:\Users\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/09/15 19:57:50 | 000,001,056 | ---- | M] () -- C:\Users\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
    [2012/09/15 19:49:49 | 000,001,760 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/09/15 17:43:13 | 000,000,000 | ---- | M] () -- C:\Users\HP_Owner\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
    [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/08/31 11:17:46 | 000,000,380 | ---- | M] () -- C:\edu.bmp
    [2012/08/31 11:17:46 | 000,000,284 | ---- | M] () -- C:\srch_map_1.gif
    [2012/08/31 11:17:46 | 000,000,277 | ---- | M] () -- C:\mov_1.gif
    [2012/08/31 11:17:46 | 000,000,274 | ---- | M] () -- C:\trav_1.gif
    [2012/08/31 11:17:46 | 000,000,273 | ---- | M] () -- C:\srch_stk_1.gif
    [2012/08/31 11:17:46 | 000,000,268 | ---- | M] () -- C:\ab_1.gif
    [2012/08/31 11:17:46 | 000,000,240 | ---- | M] () -- C:\srch_site_1.gif
    [2012/08/31 11:17:46 | 000,000,138 | ---- | M] () -- C:\flk2.gif
    [2012/08/31 11:17:46 | 000,000,103 | ---- | M] () -- C:\del_1.gif
    [2012/08/29 14:07:59 | 000,000,304 | ---- | M] () -- C:\dir.bmp
    [2012/08/29 14:07:59 | 000,000,279 | ---- | M] () -- C:\hj_1.gif
    [2012/08/29 14:07:59 | 000,000,121 | ---- | M] () -- C:\srch_nws_1.gif
    [2012/08/29 14:07:59 | 000,000,113 | ---- | M] () -- C:\srch_aud_1.gif
    [2012/08/29 14:07:58 | 000,000,265 | ---- | M] () -- C:\srch_ans_1.gif
    [2012/08/29 14:07:58 | 000,000,123 | ---- | M] () -- C:\srch_sh_1.gif
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/09/24 09:46:09 | 001,388,032 | ---- | C] () -- C:\Users\HP_Owner\Desktop\RogueKiller.exe
    [2012/09/22 21:46:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/09/22 21:46:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/09/22 21:46:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/09/22 21:46:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/09/22 21:46:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/09/22 14:03:40 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2012/09/21 14:18:39 | 000,046,343 | ---- | C] () -- C:\Users\HP_Owner\Desktop\2012 09 20 Stelmakh Proposal II.pdf
    [2012/09/20 14:47:01 | 000,000,040 | ---- | C] () -- C:\Users\HP_Owner\AppData\Roaming\mbam.context.scan
    [2012/09/19 17:44:02 | 223,850,095 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012/09/19 15:52:43 | 000,545,455 | ---- | C] () -- C:\Users\HP_Owner\Desktop\A_Wisdom Cover AIA.pdf
    [2012/09/19 10:27:18 | 000,000,005 | ---- | C] () -- C:\0.bak
    [2012/09/16 14:07:15 | 000,000,498 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
    [2012/09/15 20:03:44 | 000,001,107 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/09/15 19:58:14 | 000,001,056 | ---- | C] () -- C:\Users\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
    [2012/09/15 19:58:11 | 000,002,282 | ---- | C] () -- C:\Windows\Sandboxie.ini
    [2012/09/15 19:49:49 | 000,001,760 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/09/02 13:58:02 | 000,000,000 | ---- | C] () -- C:\Users\HP_Owner\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
    [2012/08/31 11:17:46 | 000,000,380 | ---- | C] () -- C:\edu.bmp
    [2012/08/31 11:17:46 | 000,000,284 | ---- | C] () -- C:\srch_map_1.gif
    [2012/08/31 11:17:46 | 000,000,277 | ---- | C] () -- C:\mov_1.gif
    [2012/08/31 11:17:46 | 000,000,274 | ---- | C] () -- C:\trav_1.gif
    [2012/08/31 11:17:46 | 000,000,273 | ---- | C] () -- C:\srch_stk_1.gif
    [2012/08/31 11:17:46 | 000,000,268 | ---- | C] () -- C:\ab_1.gif
    [2012/08/31 11:17:46 | 000,000,240 | ---- | C] () -- C:\srch_site_1.gif
    [2012/08/31 11:17:46 | 000,000,138 | ---- | C] () -- C:\flk2.gif
    [2012/08/31 11:17:46 | 000,000,103 | ---- | C] () -- C:\del_1.gif
    [2012/08/29 14:07:59 | 000,000,304 | ---- | C] () -- C:\dir.bmp
    [2012/08/29 14:07:59 | 000,000,279 | ---- | C] () -- C:\hj_1.gif
    [2012/08/29 14:07:59 | 000,000,121 | ---- | C] () -- C:\srch_nws_1.gif
    [2012/08/29 14:07:58 | 000,000,265 | ---- | C] () -- C:\srch_ans_1.gif
    [2012/08/29 14:07:58 | 000,000,123 | ---- | C] () -- C:\srch_sh_1.gif
    [2012/08/29 14:07:58 | 000,000,113 | ---- | C] () -- C:\srch_aud_1.gif
    [2012/07/30 22:11:41 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad
    [2012/03/31 23:22:36 | 000,000,147 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    [2011/09/08 23:51:16 | 000,000,116 | ---- | C] () -- C:\Users\HP_Owner\Adobe Encore_AME.pref
    [2011/09/08 20:55:19 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
    [2011/07/09 08:56:42 | 002,616,320 | ---- | C] () -- C:\Windows\expl.dat
    [2011/07/09 08:56:42 | 000,286,720 | ---- | C] () -- C:\Windows\System32\winl.dat
    [2011/07/09 08:56:42 | 000,020,992 | ---- | C] () -- C:\Windows\System32\svch.dat
    [2011/05/14 18:06:10 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL
    [2011/04/08 21:49:57 | 000,038,432 | ---- | C] () -- C:\Users\HP_Owner\AppData\Roaming\Comma Separated Values (Windows).ADR
    [2011/03/26 14:17:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2011/02/11 20:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
    [2011/02/11 20:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
    [2011/02/11 20:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
    [2011/02/11 19:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
    [2011/02/11 19:38:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
    [2010/10/24 16:28:14 | 000,000,007 | ---- | C] () -- C:\Windows\System32\mkghj.dll
    [2010/01/25 17:50:19 | 000,007,605 | ---- | C] () -- C:\Users\HP_Owner\AppData\Local\resmon.resmoncfg

    ========== ZeroAccess Check ==========

    [2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========


    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 216 bytes -> C:\ProgramData\TEMP:D282699C
    < End of report >
     
     
  12. A_Wisdom

    A_Wisdom TS Rookie Topic Starter Posts: 36

    OTL Extras logfile created on: 9/24/2012 10:08:20 AM - Run 1
    OTL by OldTimer - Version 3.2.66.2 Folder = C:\Users\HP_Owner\Desktop
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.96 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 64.51% Memory free
    3.92 Gb Paging File | 2.95 Gb Available in Paging File | 75.16% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 232.89 Gb Total Space | 145.51 Gb Free Space | 62.48% Space Free | Partition Type: NTFS

    Computer Name: DESKTOP | User Name: HP_Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .scr [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0A1E9358-9A8F-4B33-87A4-E0F886AAD0DB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{0AD3107B-568C-42A9-9CD3-28E9FC0AA97E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{1A05129D-3785-4670-9B8A-03F2777FE2DF}" = lport=137 | protocol=17 | dir=in | app=system |
    "{1CA50C22-E797-4C59-B2EE-A56B0BDA7A44}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server |
    "{3668A097-E6C8-49BD-9078-16FA94E0EB80}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{37663789-A3A6-4F36-AAFF-F7BDE2DDA37A}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server |
    "{38C5B6A8-CB86-4A2E-81E5-849B4D9A8BA3}" = lport=139 | protocol=6 | dir=in | app=system |
    "{438E2359-B474-48A8-BF03-6104D96277F3}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.21006\smsvchost.exe |
    "{442ABAE8-30FD-4168-8E50-B8CD92BAC36C}" = rport=137 | protocol=17 | dir=out | app=system |
    "{459183D0-8FE9-4ECE-B16A-2F475DA76B04}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{47826B51-7DE1-4E78-91EB-E7AC1A4DAC22}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{4E7BAA14-BB99-4A7D-848B-73AF350B3617}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{5ED1A95D-089C-42A2-9A98-B3C9291E225B}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{61AC2993-80E5-45EF-8A48-B923EA9442AD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{6CEA77D8-ADCF-41BD-9165-8DD9036877C3}" = lport=445 | protocol=6 | dir=in | app=system |
    "{6EFE380F-55F6-4999-B7A3-FDABFFFE8CA0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{7EA0DD18-B229-43F3-B536-80654CAA0B23}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{84545AD7-6B5A-4D3F-AA8A-425D8F6F87EA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{9365B18C-03F8-45D6-9879-446EACE35F21}" = rport=445 | protocol=6 | dir=out | app=system |
    "{A2B1CD4E-8D9A-4500-ACDC-F3EBCFDD048A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{A3ECAC60-CF48-4703-A3E6-7E1ECAD8C36E}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server |
    "{A45C98AD-EDB5-4078-B649-45BB4E18BE4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{A4C4E45E-8D79-4F0E-BF19-1773A5D6FD15}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
    "{A4C96F6C-48B7-4CB7-95D8-A999315AC2FB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{ADDCD2B1-2CEF-476F-8027-D121A6770641}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{B4D656C5-7609-4166-AF7C-BD10BC8B618A}" = lport=138 | protocol=17 | dir=in | app=system |
    "{B61A0F36-A806-4645-A680-6E39496A8730}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{C03D247B-AA0E-4E96-AF00-64D64A25C73D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{C0F7AC79-5817-4188-B20F-182635DFE200}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
    "{C3923C12-33E5-4409-B887-C28EA4EFB51A}" = rport=138 | protocol=17 | dir=out | app=system |
    "{C8C3B115-4FDA-44D3-9B2A-2DC3FD2416F9}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{CED50CEC-51BF-4AB2-BDF7-23B4775785C2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{D576965B-580C-42E9-930D-3582AA7D767B}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
    "{D96ECD6B-FD75-4B2F-90F9-69B5ECF23970}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server |
    "{F5C75536-6423-41DA-907A-933AB6FB78FB}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
    "{F7604BDE-3225-44D3-A5E1-6999969E9F01}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{FA4250A2-78A8-4890-8B29-70FAFADE74A3}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1B58E8D9-616B-4E94-A409-B537884161C5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{1BB45D00-2A14-441C-82DC-11D8E03FDA9A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{2114111B-AB0D-4FD4-972D-15BEA3F3897F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{29C23C7A-F2DE-4E34-B25A-E047D6ECE9C7}" = dir=in | app=c:\program files\freefileviewer\ffvcheckforupdates.exe |
    "{3372495B-7656-4FCB-85A8-D3738587AE92}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{47B1510C-F1EA-48DE-A4FB-CEE288EEB2FB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{51941DEC-EEE5-481E-ACB0-C2DF8BD2812C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{57BD9BBA-7B85-47E2-AFC1-0554A76B206E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{5988C273-384A-4C20-9CB5-F51723E7C48A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{67D20F0E-76AA-4719-A5EE-D5399E189E25}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
    "{68DC9F5E-FC9A-4C4A-AB29-6CB9AD4F0B4C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{6BB1D31B-4F21-435E-8200-52CABA1D07F8}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{71C2296F-EF3B-4B3C-93D7-23EE1BE1147D}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{72A5410D-B2B8-4405-AE12-D9B097049862}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{7B2A9754-9C43-43B2-9E2F-136295DF7504}" = protocol=17 | dir=in | app=c:\users\hp_owner\desktop\facemoods.exe |
    "{7E62B5C8-A69A-411B-B8EF-6602BBE04FEF}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
    "{83548578-A3E8-446B-981A-BCF5F97767A4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\j4today2000\counter-strike source\hl2.exe |
    "{883B0750-F10C-4FC5-B7F9-D334553A1A72}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{8B82ED4B-E64B-44A5-BBAF-EC8A1040A3F4}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{8BF09711-8729-4D0C-9334-F43C4432B5B3}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{8C84438D-C731-4272-972B-B8A0C802C314}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{8CA122E4-828F-4031-A2E3-006E410ECEC2}" = protocol=6 | dir=out | app=system |
    "{8E7AB332-658F-47CC-978A-0416ABABCA11}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{948CB784-6D9A-495B-A3EA-F1DB0FF75761}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{95277D2F-A20E-4326-B055-65102114FEE1}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
    "{9937D5F2-1712-4177-A5A4-F7A050B17A6D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{9ECE7EF5-31BD-45CB-B3B7-B5606336A986}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
    "{A64832A8-78A2-4A1D-B6D0-B80555E208BC}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
    "{AEA650A8-7E09-4B4F-BD5D-FA422169BCC8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{B9916AD6-C892-4111-81FC-CB80B1F53B7C}" = protocol=6 | dir=in | app=c:\users\hp_owner\desktop\facemoods.exe |
    "{C5C5844A-DECF-4767-B319-6A355EDD0404}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{C788A6E0-996E-4EE2-918E-818A993664FA}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{D4EDF1C7-3E3F-4B2F-B625-A58F0315AB02}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
    "{D8F71A2B-F143-480C-BC49-53CBA3BA1907}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\j4today2000\counter-strike source\hl2.exe |
    "{E4967DF0-DFE5-4F20-83D5-68AE90E3FAD3}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
    "{F28F8712-8CC0-40BD-B608-CFADDD5B9D96}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{F76FAA4C-BBDB-4426-9B36-436D0A5E0699}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{FE39FB4E-20BE-46A8-9C84-D92335DCDAF0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{004685F7-9FB6-4789-812F-59ABB34A55AF}" = Adobe Setup
    "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
    "{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
    "{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{0363C7DA-291C-454E-A318-570D4FC0A040}" = HGTV Ultimate Home Design with Landscaping & Decks
    "{03CDDD00-BD57-4326-9480-4C74449AF597}" = PhotoStitch
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
    "{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
    "{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content Service
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{093625E3-7B87-49D3-AA53-AD0FCFABAF49}" = Camera Window
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
    "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
    "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
    "{20FA8AEE-E785-4F79-98EB-2067A8F395F4}" = Monopoly
    "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
    "{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
    "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
    "{2FA75B40-17C9-4D22-88CA-80A5D52FAB13}" = LightScribe System Software
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{33BC9D7E-E790-495E-A4EA-CFB160C17A91}" = Logitech Gaming Software 5.08
    "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
    "{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
    "{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
    "{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
    "{409ECFF1-9CC7-43A8-B28A-B7F0B7CB04D1}_is1" = Classic Menu for Office 2007 v5.20
    "{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
    "{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
    "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
    "{47BBA5AA-CA6F-4A41-858D-A7A776F29A8B}" = Google SketchUp 8
    "{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
    "{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.2
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5783F2D7-9001-0409-1002-0060B0CE6BBA}" = AutoCAD 2011 Language Pack - English
    "{5783F2D7-A001-0409-0002-0060B0CE6BBA}" = AutoCAD 2012 - English
    "{5783F2D7-A001-0409-1002-0060B0CE6BBA}" = AutoCAD 2012 Language Pack - English
    "{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
    "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
    "{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7
    "{604CD5A1-4520-4844-B064-A3D884B77E91}" = SpeedyPC Pro
    "{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
    "{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}" = Acronis True Image Home
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
    "{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
    "{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
    "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
    "{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
    "{6C12B6BF-3891-497B-B5CA-3D64DA093947}" = Motorola Mobile Drivers Installation 5.4.0
    "{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
    "{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
    "{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
    "{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
    "{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}" = Adobe After Effects CS3 Third Party Content
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
    "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
    "{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
    "{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}" = Adobe Flash Player 9 Plugin
    "{89EAD745-088B-4160-B964-42C4D4D273AD}" = Family Tree Maker 2010
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{8EA053AE-DC8F-44C0-9090-DAB1D7F56831}" = HGTV Instant Makeover
    "{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
    "{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
    "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
    "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{91170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
    "{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A29549FD-65F3-440C-A552-6B8114CF319D}" = Skype Toolbars
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
    "{A527C2E8-3B05-4C35-9A6A-250C571FA9D6}" = Dfx Essentials
    "{A62F50D4-EED7-4417-A382-E89ABCF11BAC}" = SketchUp DWG Importer
    "{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B5751715-EC10-43D9-8C95-62E1368433EF}" = Autodesk Material Library Medium Resolution Image Library 2012
    "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
    "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
    "{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
    "{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
    "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
    "{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}" = RemoteCapture 2.7.0
    "{BF2A74BF-8D12-47F1-8B19-22B30AF6B0D1}" = Linksys EasyLink Advisor
    "{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
    "{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
    "{C38D079C-950D-4F18-BF7B-CE58DE86D3BD}" = Image Resizer Powertoy Clone for Windows
    "{C4609419-C11E-4CE6-B369-F3F8A7DDD94C}" = Hallmark Card Studio 2009
    "{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
    "{c623c967-f430-49f8-bc6d-a0803dcbf984}" = Nero 9 Essentials
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
    "{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
    "{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
    "{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
    "{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D4CFC5F3-481C-40AA-9944-E7E4E732136C}" = Microsoft IntelliType Pro 8.0
    "{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
    "{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
    "{DB64B248-2E30-3948-DB5C-6FB44E282789}" = Overhead Door Configurator
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E552C39C-C70E-464F-9733-8311331BDD90}" = Autodesk Inventor Fusion plug-in language pack for AutoCAD 2012
    "{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
    "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
    "{EAB3AC1A-68FF-486B-9C6B-E48EBB4B05CC}" = Autodesk Inventor Fusion plug-in for AutoCAD 2012
    "{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EF0DD8B7-471C-463B-A298-6066C2FABAF5}" = File Viewer Utility 1.2
    "{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
    "{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
    "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
    "{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
    "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
    "{FBDBC490-089D-4476-BF72-1F7A6368200A}" = Pure Networks Platform
    "{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2012
    "{FFF7F80F-929E-497F-A112-B070DE816128}" = Autodesk Inventor Fusion 2012 Language Pack
    "1381-5408-0515-7060" = RAIDar 4.3.4
    "Adobe Acrobat 8 Professional" = Adobe Acrobat 8.3.1 Professional
    "Adobe Acrobat 8 Professional_831" = Adobe Acrobat 8.3.1 - CPSID_83708
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Photoshop 7.0" = Adobe Photoshop 7.0
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Adobe_3675c95c239b992d5d0ee8fce969b9e" = Adobe After Effects CS3 Third Party Content
    "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
    "Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
    "Allway Sync_is1" = Allway Sync version 12.1.1
    "AutoCAD 2012 - English" = AutoCAD 2012 - English
    "AutoCAD 2012 - English SP1" = AutoCAD 2012 - English SP1
    "Autodesk Inventor Fusion 2012" = Autodesk Inventor Fusion 2012
    "Autodesk Inventor Fusion 2012 SP2" = Autodesk Inventor Fusion 2012 SP2
    "Autodesk Inventor Fusion plug-in for AutoCAD 2012" = Autodesk Inventor Fusion plug-in for AutoCAD 2012
    "Brain Fitness" = Brain Fitness
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "converter3df 1_is1" = converter3df
    "Cookie Jar" = Cookie Jar
    "Creative PD1130" = Creative WebCam NX Pro Driver (1.03.03.0326)
    "d6b74f60-2e9d-4c60-a8b7-b7d737c44ad4_is1" = TrayStatus 1.2.3
    "Dfx Essentials" = Dfx Essentials
    "DriverFinder" = DriverFinder
    "EGREEN" = ASUS E-Green Uninstall
    "E-Hammer1.0.0" = E-Hammer
    "F0D6F43C6D0793421B9187C6B7D03CDB39625C46" = Windows Driver Package - Realtek (RTL8167) Net (11/23/2011 7.050.1123.2011)
    "Family Tree Maker 2010" = Family Tree Maker 2010
    "FileZilla Client" = FileZilla Client 3.3.1
    "FreeFileViewer_is1" = Free File Viewer 2012
    "GameSpy Arcade" = GameSpy Arcade
    "HP Wireless Elite Desktop_is1" = HP Wireless Elite Desktop
    "InstallShield_{0363C7DA-291C-454E-A318-570D4FC0A040}" = HGTV Ultimate Home Design with Landscaping & Decks
    "InstallShield_{03CDDD00-BD57-4326-9480-4C74449AF597}" = Canon Utilities PhotoStitch 3.1
    "InstallShield_{093625E3-7B87-49D3-AA53-AD0FCFABAF49}" = Canon Camera Window for ZoomBrowser EX
    "InstallShield_{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}" = Canon Utilities RemoteCapture 2.7
    "InstallShield_{EF0DD8B7-471C-463B-A298-6066C2FABAF5}" = Canon Utilities File Viewer Utility 1.2
    "Linksys EasyLink Advisor" = Linksys EasyLink Advisor
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
    "Money2006b" = Microsoft Money 2006
    "MotoHelper" = MotoHelper 2.1.32 Driver 5.4.0
    "Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Pdf995" = Pdf995
    "PdfEdit995" = PdfEdit995
    "PhotoRecord" = Canon PhotoRecord
    "PROPLUS" = Microsoft Office Professional Plus 2007
    "renoworks.configurators.OHD.9053907FED92C623A3F2791C32BD26ACC048CEAF.1" = Overhead Door Configurator
    "Revo Uninstaller" = Revo Uninstaller 1.93
    "Sandboxie" = Sandboxie 3.74 (32-bit)
    "Signature995" = Signature99574 (32-BIT
    "StarLancer 1.0" = Microsoft StarLancer
    "Steam App 320" = Half-Life 2: Deathmatch
    "TurboTax 2009" = TurboTax 2009
    "TurboTax 2010" = TurboTax 2010
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 4.11 (32-bit)
    "WinZip" = WinZip
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-844803567-2663946769-357207313-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Akamai" = Akamai NetSession Interface
    "UnityWebPlayer" = Unity Web Player

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 11/13/2011 2:04:25 AM | Computer Name = HP_Pavilian | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\PDF995\res\drivedir\copy64.exe".
    Dependent
    Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 11/13/2011 2:05:55 AM | Computer Name = HP_Pavilian | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\program files\spybot
    - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
    - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
    in element "assemblyIdentity" is invalid.

    Error - 11/13/2011 6:02:51 PM | Computer Name = HP_Pavilian | Source = Bonjour Service | ID = 100
    Description = ERROR: mDNSPlatformReadTCP - recv: 10053

    Error - 11/13/2011 6:02:51 PM | Computer Name = HP_Pavilian | Source = Bonjour Service | ID = 100
    Description = 452: ERROR: read_msg errno 0 (The operation completed successfully.)

    Error - 11/13/2011 6:04:54 PM | Computer Name = HP_Pavilian | Source = UmxAgent | ID = 99
    Description =

    Error - 11/13/2011 9:37:21 PM | Computer Name = HP_Pavilian | Source = UmxAgent | ID = 99
    Description =

    Error - 11/16/2011 2:38:15 AM | Computer Name = HP_Pavilian | Source = UmxAgent | ID = 99
    Description =

    Error - 11/16/2011 3:09:29 AM | Computer Name = HP_Pavilian | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\PDF995\pdf995_old\res\drivedir\copy64.exe".
    Dependent
    Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 11/16/2011 3:09:31 AM | Computer Name = HP_Pavilian | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\PDF995\res\drivedir\copy64.exe".
    Dependent
    Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 11/16/2011 3:11:01 AM | Computer Name = HP_Pavilian | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\program files\spybot
    - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
    - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
    in element "assemblyIdentity" is invalid.

    [ Media Center Events ]
    Error - 8/27/2011 10:44:09 PM | Computer Name = HP_Pavilian | Source = MCUpdate | ID = 0
    Description = 7:44:09 PM - Error connecting to the internet. 7:44:09 PM - Unable
    to contact server..

    Error - 8/27/2011 10:44:16 PM | Computer Name = HP_Pavilian | Source = MCUpdate | ID = 0
    Description = 7:44:14 PM - Error connecting to the internet. 7:44:14 PM - Unable
    to contact server..

    Error - 8/28/2011 6:24:04 PM | Computer Name = HP_Pavilian | Source = MCUpdate | ID = 0
    Description = 3:24:04 PM - Error connecting to the internet. 3:24:04 PM - Unable
    to contact server..

    Error - 8/28/2011 6:24:20 PM | Computer Name = HP_Pavilian | Source = MCUpdate | ID = 0
    Description = 3:24:09 PM - Error connecting to the internet. 3:24:09 PM - Unable
    to contact server..

    Error - 8/28/2011 10:18:11 PM | Computer Name = HP_Pavilian | Source = MCUpdate | ID = 0
    Description = 7:18:11 PM - Error connecting to the internet. 7:18:11 PM - Unable
    to contact server..

    Error - 8/28/2011 10:18:21 PM | Computer Name = HP_Pavilian | Source = MCUpdate | ID = 0
    Description = 7:18:16 PM - Error connecting to the internet. 7:18:16 PM - Unable
    to contact server..

    Error - 8/30/2011 9:16:57 PM | Computer Name = HP_Pavilian | Source = MCUpdate | ID = 0
    Description = 6:16:57 PM - Error connecting to the internet. 6:16:57 PM - Unable
    to contact server..

    Error - 8/30/2011 9:17:08 PM | Computer Name = HP_Pavilian | Source = MCUpdate | ID = 0
    Description = 6:17:03 PM - Error connecting to the internet. 6:17:03 PM - Unable
    to contact server..

    Error - 9/2/2011 10:40:24 PM | Computer Name = HP_Pavilian | Source = MCUpdate | ID = 0
    Description = 7:40:24 PM - Error connecting to the internet. 7:40:24 PM - Unable
    to contact server..

    Error - 9/2/2011 10:40:34 PM | Computer Name = HP_Pavilian | Source = MCUpdate | ID = 0
    Description = 7:40:29 PM - Error connecting to the internet. 7:40:29 PM - Unable
    to contact server..

    [ OSession Events ]
    Error - 6/22/2011 3:46:50 AM | Computer Name = HP_Pavilian | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 737
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 8/23/2012 7:42:48 PM | Computer Name = Desktop | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 134
    seconds with 120 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 9/23/2012 11:04:45 PM | Computer Name = Desktop | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 7:31:29 PM on ?9/?23/?2012 was unexpected.

    Error - 9/23/2012 11:04:50 PM | Computer Name = Desktop | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    discache spldr Wanarpv6

    Error - 9/23/2012 11:04:56 PM | Computer Name = Desktop | Source = DCOM | ID = 10005
    Description =

    Error - 9/23/2012 11:05:01 PM | Computer Name = Desktop | Source = DCOM | ID = 10005
    Description =

    Error - 9/23/2012 11:05:05 PM | Computer Name = Desktop | Source = DCOM | ID = 10005
    Description =

    Error - 9/23/2012 11:05:15 PM | Computer Name = Desktop | Source = DCOM | ID = 10005
    Description =

    Error - 9/23/2012 11:05:15 PM | Computer Name = Desktop | Source = DCOM | ID = 10005
    Description =

    Error - 9/23/2012 11:36:35 PM | Computer Name = Desktop | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 8:09:38 PM on ?9/?23/?2012 was unexpected.

    Error - 9/23/2012 11:37:01 PM | Computer Name = Desktop | Source = Service Control Manager | ID = 7034
    Description = The Linksys Updater service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 9/24/2012 12:40:00 PM | Computer Name = Desktop | Source = Service Control Manager | ID = 7034
    Description = The Linksys Updater service terminated unexpectedly. It has done
    this 1 time(s).


    < End of report >
     
  13. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\.DEFAULT\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
      IE - HKU\S-1-5-18\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
      IE - HKU\S-1-5-21-844803567-2663946769-357207313-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>;192.168.*.*
      FF - prefs.js..extensions.enabledAddons: ieurwbofrk@ieurwbofrk.org:2.5
      [2009/07/13 16:11:12 | 000,004,804 | ---- | M] () (No name found) -- C:\Users\HP_Owner\AppData\Roaming\mozilla\firefox\profiles\0l621xpy.default\extensions\ieurwbofrk@ieurwbofrk.org.xpi
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (Total Defense Anti-Phishing Toolbar Helper) - {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\toolbar\caIEToolbar.dll File not found
      O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
      O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
      O3 - HKLM\..\Toolbar: (Total Defense Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\toolbar\caIEToolbar.dll File not found
      O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Total Defense Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\toolbar\caIEToolbar.dll File not found
      O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Total Defense Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\toolbar\caIEToolbar.dll File not found
      O3 - HKU\S-1-5-21-844803567-2663946769-357207313-1001\..\Toolbar\WebBrowser: (Total Defense Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\toolbar\caIEToolbar.dll File not found
      O4 - HKU\S-1-5-21-844803567-2663946769-357207313-1001..\Run: [AdobeBridge] File not found
      O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe -update activex File not found
      O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe -update activex File not found
      O15 - HKU\S-1-5-21-844803567-2663946769-357207313-1001\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
      O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O33 - MountPoints2\{49a28cfe-6251-11e1-990b-806e6f6e6963}\Shell - "" = AutoRun
      O33 - MountPoints2\{49a28cfe-6251-11e1-990b-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe
      O33 - MountPoints2\{49a28cfe-6251-11e1-990b-806e6f6e6963}\Shell\configure\command - "" = Autorun.exe.EXE
      O33 - MountPoints2\{49a28cfe-6251-11e1-990b-806e6f6e6963}\Shell\install\command - "" = Autorun.exe.EXE
      O33 - MountPoints2\{b26a6a8c-0868-11df-ab48-806e6f6e6963}\Shell - "" = AutoRun
      O33 - MountPoints2\{b26a6a8c-0868-11df-ab48-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AUTORUN.EXE
      O33 - MountPoints2\{b2cc4cc4-e189-11e1-aa19-00270e08c22c}\Shell - "" = AutoRun
      O33 - MountPoints2\{b2cc4cc4-e189-11e1-aa19-00270e08c22c}\Shell\AutoRun\command - "" = J:\setup.exe -a
      [2012/09/23 18:43:33 | 000,000,000 | ---D | C] -- C:\FRST
      [2012/09/02 13:58:02 | 000,000,000 | ---- | C] () -- C:\Users\HP_Owner\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
      [2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both
      @Alternate Data Stream - 216 bytes -> C:\ProgramData\TEMP:D282699C
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ===================================

    Now it's time to install some AV program...
    Install ONE of these:
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
    - free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php

    ===================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
     
  14. A_Wisdom

    A_Wisdom TS Rookie Topic Starter Posts: 36

    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}\ not found.
    HKU\S-1-5-21-844803567-2663946769-357207313-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Prefs.js: ieurwbofrk@ieurwbofrk.org:2.5 removed from extensions.enabledAddons
    C:\Users\HP_Owner\AppData\Roaming\mozilla\firefox\profiles\0l621xpy.default\extensions\ieurwbofrk@ieurwbofrk.org.xpi moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45011CF5-E4A9-4F13-9093-F30A784EB9B2}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45011CF5-E4A9-4F13-9093-F30A784EB9B2}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0123B506-0AD9-43AA-B0CF-916C122AD4C5} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0123B506-0AD9-43AA-B0CF-916C122AD4C5}\ deleted successfully.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0123B506-0AD9-43AA-B0CF-916C122AD4C5} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0123B506-0AD9-43AA-B0CF-916C122AD4C5}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0123B506-0AD9-43AA-B0CF-916C122AD4C5} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0123B506-0AD9-43AA-B0CF-916C122AD4C5}\ not found.
    Registry value HKEY_USERS\S-1-5-21-844803567-2663946769-357207313-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0123B506-0AD9-43AA-B0CF-916C122AD4C5} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0123B506-0AD9-43AA-B0CF-916C122AD4C5}\ not found.
    Registry value HKEY_USERS\S-1-5-21-844803567-2663946769-357207313-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate deleted successfully.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate not found.
    Registry key HKEY_USERS\S-1-5-21-844803567-2663946769-357207313-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ deleted successfully.
    Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
    C:\ProgramData\webex\ieatgpc.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49a28cfe-6251-11e1-990b-806e6f6e6963}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49a28cfe-6251-11e1-990b-806e6f6e6963}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49a28cfe-6251-11e1-990b-806e6f6e6963}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49a28cfe-6251-11e1-990b-806e6f6e6963}\ not found.
    File D:\Autorun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49a28cfe-6251-11e1-990b-806e6f6e6963}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49a28cfe-6251-11e1-990b-806e6f6e6963}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49a28cfe-6251-11e1-990b-806e6f6e6963}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49a28cfe-6251-11e1-990b-806e6f6e6963}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b26a6a8c-0868-11df-ab48-806e6f6e6963}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b26a6a8c-0868-11df-ab48-806e6f6e6963}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b26a6a8c-0868-11df-ab48-806e6f6e6963}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b26a6a8c-0868-11df-ab48-806e6f6e6963}\ not found.
    File E:\AUTORUN.EXE not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2cc4cc4-e189-11e1-aa19-00270e08c22c}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2cc4cc4-e189-11e1-aa19-00270e08c22c}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2cc4cc4-e189-11e1-aa19-00270e08c22c}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2cc4cc4-e189-11e1-aa19-00270e08c22c}\ not found.
    File J:\setup.exe -a not found.
    C:\FRST\Quarantine folder moved successfully.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    C:\Users\HP_Owner\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ moved successfully.
    C:\Windows\assembly\Desktop.ini moved successfully.
    File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
    ADS C:\ProgramData\TEMP:D282699C deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 41620 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: DefaultAppPool
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: HP_Owner
    ->Temp folder emptied: 89929159 bytes
    ->Temporary Internet Files folder emptied: 78290515 bytes
    ->Java cache emptied: 12162231 bytes
    ->FireFox cache emptied: 65358184 bytes
    ->Flash cache emptied: 643 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2859608 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 237.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: DefaultAppPool

    User: HP_Owner
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: DefaultAppPool

    User: HP_Owner
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.66.2 log created on 09252012_120429
    Files\Folders moved on Reboot...
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
     
  15. A_Wisdom

    A_Wisdom TS Rookie Topic Starter Posts: 36

    Results of screen317's Security Check version 0.99.51
    Windows 7 Service Pack 1 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    (On Access scanning disabled!)
    Error obtaining update status for antivirus!
    `````````Anti-malware/Other Utilities Check:`````````
    MVPS Hosts File
    Spybot - Search & Destroy
    Malwarebytes Anti-Malware version 1.65.0.1400
    Adobe Flash Player 9 Flash Player out of Date!
    Adobe Reader X (10.1.4)
    Mozilla Firefox (15.0.1)
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
     
  16. A_Wisdom

    A_Wisdom TS Rookie Topic Starter Posts: 36

    Farbar Service Scanner Version: 19-09-2012
    Ran by HP_Owner (administrator) on 25-09-2012 at 12:19:53
    Running from "C:\Users\HP_Owner\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    Other Services:
    ==============

    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcore.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys
    [2012-09-16 12:50] - [2012-08-22 10:16] - 1292144 ____A (Microsoft Corporation) A5EBB8F648000E88B7D9390B514976BF
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit

    **** End of log ****
     
  17. A_Wisdom

    A_Wisdom TS Rookie Topic Starter Posts: 36

    # AdwCleaner v2.003 - Logfile created 09/25/2012 at 12:22:09
    # Updated 23/09/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
    # User : HP_Owner - DESKTOP
    # Boot Mode : Normal
    # Running from : C:\Users\HP_Owner\Desktop\adwcleaner.exe
    # Option [Delete]

    ***** [Services] *****

    ***** [Files / Folders] *****
    Folder Deleted : C:\ProgramData\Browser Manager
    Folder Deleted : C:\Users\HP_Owner\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0
    Folder Deleted : C:\Users\HP_Owner\AppData\Local\Ilivid Player
    Folder Deleted : C:\Users\HP_Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0l621xpy.default\extensions\crossriderapp2258@crossrider.com
    ***** [Registry] *****
    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    Key Deleted : HKCU\Software\AppDataLow\Software\I Want This
    Key Deleted : HKCU\Software\Headlight
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16421
    Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    -\\ Mozilla Firefox v15.0.1 (en-US)
    Profile name : default
    File : C:\Users\HP_Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0l621xpy.default\prefs.js
    [OK] File is clean.
    -\\ Google Chrome v [Unable to get version]
    File : C:\Users\HP_Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences
    [OK] File is clean.
    *************************
    AdwCleaner[S1].txt - [2147 octets] - [25/09/2012 12:22:09]
    ########## EOF - C:\AdwCleaner[S1].txt - [2207 octets] ##########
     
  18. A_Wisdom

    A_Wisdom TS Rookie Topic Starter Posts: 36

    OK - I ran the OTL with the fix, then the SecurityCheck, FSS, AdwCleaner, and TFC (no report created - but removed over 600 mb)
    When I opened IE to run the ESET online scanner, Internet Explorer is taking FOREVER to load the page (any page). I have resorted to Firefox (which runs just fine) just to write this post.
     
  19. A_Wisdom

    A_Wisdom TS Rookie Topic Starter Posts: 36

    C:\ProgramData\Spybot - Search & Destroy\Recovery\WinAgentwu.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
    C:\Users\HP_Owner\AppData\Local\Google\Chrome\User Data\Default\Default\aadddbdfgcdjdbgfdfdhdidadegegddi\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined
    C:\Users\HP_Owner\AppData\Local\Google\Chrome\User Data\Default\Default\aadddbdfgcdjdbgfdfdhdidadegegddi\ContentScript.js Win32/BHO.OEI trojan cleaned by deleting - quarantined
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\2vf769jy.default\extensions\ieurwbofrk@ieurwbofrk.org.xpi JS/Redirector.NCA trojan deleted - quarantined
    C:\_OTL\MovedFiles\09252012_120429\C_FRST\Quarantine\explorer.exe a variant of Win32/Patched.IA trojan deleted - quarantined
    C:\_OTL\MovedFiles\09252012_120429\C_Users\HP_Owner\AppData\Roaming\mozilla\firefox\profiles\0l621xpy.default\extensions\ieurwbofrk@ieurwbofrk.org.xpi JS/Redirector.NCA trojan deleted - quarantined
     
  20. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    Update Adobe Flash Player
    Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

    ==============================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    13. Please let me know how your computer is doing.
     
  21. A_Wisdom

    A_Wisdom TS Rookie Topic Starter Posts: 36

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: DefaultAppPool
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: HP_Owner
    ->Temp folder emptied: 110554315 bytes
    ->Temporary Internet Files folder emptied: 22244286 bytes
    ->Java cache emptied: 125041 bytes
    ->FireFox cache emptied: 45796625 bytes
    ->Flash cache emptied: 860 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 161712 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 171.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: DefaultAppPool

    User: HP_Owner
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: DefaultAppPool

    User: HP_Owner
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.66.2 log created on 09262012_101325

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  22. A_Wisdom

    A_Wisdom TS Rookie Topic Starter Posts: 36

    28 hours later - 6 with hard usage including a LOT of internet searches - and everything seems to be running great. I had to reset my Internet Explorer to get it to act normal, but the glitch when downloading a page has been cleared up.

    Thank you so much for your help. I think we can close this thread.

    Thank you,
    A
     
  23. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    Yes!!
    Good luck and stay safe :)
     

