Solved Yet another infected with a virus attacking svchost.exe

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-09-2012
Ran by SYSTEM at 23-09-2012 17:43:58
Running from I:\
Windows 7 Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [] [x]
HKLM\...\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2595792 2008-04-09] (Acronis)
HKLM\...\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [642856 2008-12-12] (Cisco Systems, Inc.)
HKLM\...\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" [1778064 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [1821576 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [HP KEYBOARDg] "C:\Program Files\Hewlett-Packard\HP Wireless Elite Desktop\HPKEYBOARDg.EXE" [701592 2009-07-23] (Hewlett-Packard)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [1884160 2007-03-20] (Adobe Systems Incorporated)
HKLM\...\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [909208 2008-04-09] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [136472 2008-04-09] (Acronis)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKU\HP_Owner\...\Run: [AdobeBridge] [x]
HKU\HP_Owner\...\Run: [TrayStatus] "C:\Program Files\TrayStatus\TrayStatus.exe" [283032 2011-05-18] (Binary Fortress Software)
HKU\HP_Owner\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet [6591800 2012-02-22] (Yahoo! Inc.)
HKU\HP_Owner\...\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2011-06-20] (Hewlett-Packard Company)
HKU\HP_Owner\...\Run: [DriverFinder] C:\Program Files\DriverFinder\DriverFinder.exe [7811592 2009-12-16] ()
HKU\HP_Owner\...\Run: [Desktop Software] "C:\Program Files\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden [1025320 2009-04-24] (SupportSoft, Inc.)
HKU\HP_Owner\...\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe" [545552 2012-08-25] (SANDBOXIE L.T.D)
Winlogon\Notify\PFW:
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 75.75.75.75 75.75.76.76
Lsa: [Authentication Packages] msv1_0 relog_ap
==================== Services (Whitelisted) ===================
2 AcrSch2Svc; "C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe" [431384 2008-04-09] (Acronis)
2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)
2 Autodesk Content Service; "C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe" [18656 2011-02-02] ()
2 BotkindSyncService; C:\Program Files\Allway Sync\Bin\SyncService.exe service [182784 2012-05-14] ()
3 FLEXnet Licensing Service; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [1044816 2012-03-31] (Flexera Software, Inc.)
2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)
2 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [114144 2012-09-05] (Mozilla Foundation)
2 nmservice; "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" [642856 2008-12-12] (Cisco Systems, Inc.)
2 SbieSvc; "C:\Program Files\Sandboxie\SbieSvc.exe" [85776 2012-08-25] (SANDBOXIE L.T.D)
3 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 TryAndDecideService; "C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe" [492896 2008-04-09] ()
2 LinksysUpdater; "C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe" -s "C:\Program Files\Linksys\Linksys Updater\conf\wrapper.conf" [x]
3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework\v4.0.21006\WPF\WPFFontCache_v0400.exe [x]
==================== Drivers (Whitelisted) ====================
3 catchme; \??\C:\Users\HP_Owner\AppData\Local\Temp\catchme.sys [31744 2012-09-23] ()
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22856 2012-09-07] (Malwarebytes Corporation)
3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21520 2010-07-21] (Microsoft Corporation)
3 P1130VID; C:\Windows\System32\DRIVERS\P1130Vid.sys [90229 2004-05-04] (Creative Technology Ltd.)
2 PEVSystemStart; "C:\A_Wisdom_Fix5437A\pev.3XE" EXEC /I "C:\A_Wisdom_Fix5437A\HIDEC.3XE" "C:\A_Wisdom_Fix5437A\SWREG.3XE" ACL "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Beep" /RESET /Q [518144 2000-08-30] (SteelWerX)
2 pnarp; C:\Windows\System32\DRIVERS\pnarp.sys [24880 2008-12-12] (Cisco Systems, Inc.)
2 purendis; C:\Windows\System32\DRIVERS\purendis.sys [26416 2008-12-12] (Cisco Systems, Inc.)
3 SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [157776 2012-08-25] (SANDBOXIE L.T.D)
0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [368480 2010-01-23] (Acronis)
2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44384 2010-01-23] (Acronis)
3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [22792 2009-09-11] (Logitech Inc.)
3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [35592 2009-09-11] (Logitech Inc.)
3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [14984 2009-09-11] (Logitech Inc.)
3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [66056 2009-09-11] (Logitech Inc.)
3 cpuz132; \??\C:\Users\HP_Owner\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [x]
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2012-09-23 12:46 - 2012-09-23 12:46 - 00000000 ___SD C:\A_Wisdom_Fix5437A
2012-09-23 10:56 - 2012-09-23 10:58 - 00000000 ___SD C:\A_Wisdom_Fix
2012-09-23 10:47 - 2012-09-23 10:47 - 01678240 ____A (Bleeping Computer, LLC) C:\Users\HP_Owner\Desktop\iExplore.exe
2012-09-23 10:46 - 2012-09-23 10:46 - 04755721 ____R (Swearware) C:\Users\HP_Owner\Desktop\A_Wisdom_Fix.exe
2012-09-22 23:23 - 2012-09-23 12:45 - 00006972 ____A C:\Users\HP_Owner\Desktop\Rkill.txt
2012-09-22 20:46 - 2012-09-22 20:46 - 00000000 ____D C:\Qoobox
2012-09-22 20:46 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-09-22 20:46 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-09-22 20:46 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-09-22 20:46 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-09-22 20:46 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-09-22 20:46 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-09-22 20:46 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-09-22 20:46 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-09-22 20:45 - 2012-09-22 20:45 - 00000000 ____D C:\Windows\erdnt
2012-09-22 20:35 - 2012-09-22 20:35 - 01678240 ____A (Bleeping Computer, LLC) C:\Users\HP_Owner\Desktop\rkill.exe
2012-09-22 16:36 - 2012-09-22 16:47 - 00000000 ____D C:\Users\HP_Owner\Desktop\RK_Quarantine
2012-09-22 16:24 - 2011-01-01 00:14 - 00002254 ___RA C:\Users\HP_Owner\Desktop\eula.txt
2012-09-22 13:03 - 2012-09-23 12:38 - 00001945 ____A C:\Windows\epplauncher.mif
2012-09-22 11:15 - 2012-09-22 11:16 - 00001533 ____A C:\Windows\pcsetup.log
2012-09-22 11:14 - 2012-09-22 11:14 - 00002498 ____A C:\Windows\System32\FDInstall.log
2012-09-22 08:29 - 2012-09-22 08:29 - 00000000 ____A C:\Users\HP_Owner\Desktop\New Text Document.txt
2012-09-21 13:25 - 2012-09-21 13:25 - 00000870 ____A C:\Users\All Users\ltgubaa.tmp
2012-09-21 13:25 - 2012-09-21 13:25 - 00000869 ____A C:\Users\All Users\ktgubaa.tmp
2012-09-21 13:18 - 2012-09-21 13:18 - 00000873 ____A C:\Users\All Users\bcfrhaa.tmp
2012-09-21 13:11 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-21 13:11 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-21 13:11 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-09-21 13:11 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-09-21 13:11 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-21 13:11 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-21 13:11 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-21 13:11 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-21 13:11 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-09-21 13:11 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-09-21 13:11 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-21 13:11 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-21 13:11 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-21 13:11 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-21 13:11 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-21 13:11 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-21 12:15 - 2012-09-21 12:15 - 00607260 ____A (Swearware) C:\Users\HP_Owner\Downloads\dds.scr
2012-09-20 13:47 - 2012-09-20 13:47 - 00000040 ____A C:\Users\HP_Owner\AppData\Roaming\mbam.context.scan
2012-09-19 17:44 - 2012-09-19 17:44 - 00000872 ____A C:\Users\All Users\gpxbbaa.tmp
2012-09-19 17:44 - 2012-09-19 17:44 - 00000862 ____A C:\Users\All Users\hpxbbaa.tmp
2012-09-19 16:44 - 2012-09-19 16:44 - 223850095 ____A C:\Windows\MEMORY.DMP
2012-09-19 16:44 - 2012-09-19 16:44 - 00146088 ____A C:\Windows\Minidump\091912-16738-01.dmp
2012-09-19 15:07 - 2012-09-19 15:07 - 00000000 ____D C:\Program Files\ESET
2012-09-19 14:36 - 2012-09-19 14:36 - 00000000 ____D C:\Users\HP_Owner\AppData\Local\Macromedia
2012-09-19 12:52 - 2012-09-19 12:52 - 00000000 ____D C:\Program Files\Common Files\Java
2012-09-19 12:51 - 2012-09-19 12:50 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-09-19 12:40 - 2012-09-19 17:41 - 00000000 ____D C:\Program Files\PC Cleanup Utility
2012-09-19 12:40 - 2012-09-19 12:40 - 00000000 ____D C:\Users\HP_Owner\AppData\Local\PC Cleanup Utility Inc
2012-09-19 12:40 - 2012-09-19 12:40 - 00000000 ____D C:\Users\All Users\PC Cleanup Utility Inc
2012-09-19 12:40 - 2012-09-19 12:40 - 00000000 ____D C:\Users\All Users\Browser Manager
2012-09-19 09:27 - 2012-09-19 09:27 - 00000005 ____A C:\0.bak
2012-09-18 16:17 - 2012-09-18 16:17 - 00001184 ____A C:\Windows\IE9_main.log
2012-09-17 05:52 - 2012-09-23 16:33 - 00001960 ____A C:\Windows\setupact.log
2012-09-17 05:52 - 2012-09-23 15:53 - 00084848 ____A C:\Windows\PFRO.log
2012-09-17 05:52 - 2012-09-17 05:52 - 00000000 ____A C:\Windows\setuperr.log
2012-09-16 16:42 - 2012-09-16 16:42 - 00000000 ____D C:\sh4ldr
2012-09-16 16:42 - 2012-09-16 16:42 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-09-16 13:07 - 2012-09-23 16:33 - 00000498 ____A C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job
2012-09-16 11:50 - 2012-08-22 09:16 - 01292144 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-09-16 11:50 - 2012-08-22 09:16 - 00712048 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-09-16 11:50 - 2012-08-22 09:16 - 00240496 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-09-16 11:50 - 2012-08-22 09:16 - 00187760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-09-16 11:50 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-09-16 11:50 - 2012-07-04 11:45 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2012-09-15 19:33 - 2012-09-15 19:33 - 00000000 ____D C:\Motorola
2012-09-15 19:06 - 2012-09-22 12:37 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-09-15 19:06 - 2012-09-16 19:37 - 00000000 ____D C:\Users\HP_Owner\AppData\Roaming\Malwarebytes
2012-09-15 19:06 - 2012-09-15 19:06 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-09-15 19:06 - 2012-09-07 16:04 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-15 18:58 - 2012-09-22 13:04 - 00002224 ____A C:\Windows\Sandboxie.ini
2012-09-15 18:49 - 2012-09-15 18:49 - 00001760 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-09-15 18:49 - 2012-08-21 12:01 - 00026840 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-09-15 18:48 - 2012-09-15 18:49 - 00000000 ____D C:\Users\All Users\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-15 18:48 - 2012-09-15 18:49 - 00000000 ____D C:\Program Files\iTunes
2012-09-15 18:48 - 2012-09-15 18:48 - 00000000 ____D C:\Program Files\iPod
2012-09-15 15:04 - 2012-09-15 15:04 - 00000000 ____D C:\Users\HP_Owner\AppData\Roaming\SUPERAntiSpyware.com
2012-09-15 15:04 - 2012-09-15 15:04 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-09-02 13:00 - 2012-09-15 17:19 - 00000000 ____D C:\Users\HP_Owner\AppData\Roaming\xsecva
2012-09-02 12:58 - 2012-09-15 17:19 - 00000000 ____D C:\Users\HP_Owner\AppData\Local\{E30CF1F5-F540-11E1-8270-B8AC6F996F26}
2012-09-02 12:58 - 2012-09-15 16:43 - 00000000 ____A C:\Users\HP_Owner\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
2012-09-01 12:30 - 2012-09-03 18:16 - 00000000 ____D C:\Users\HP_Owner\AppData\Local\Xobni
2012-09-01 12:29 - 2012-09-15 17:19 - 00000000 ____D C:\Program Files\Xobni
2012-08-31 10:17 - 2012-08-31 10:17 - 00000380 ____A C:\edu.bmp
2012-08-29 16:13 - 2012-09-21 17:31 - 00000000 ____D C:\Users\HP_Owner\Desktop\2012-08-29 AW_Card
2012-08-29 13:07 - 2012-08-29 13:07 - 00000304 ____A C:\dir.bmp
2012-08-28 23:36 - 2012-08-28 23:37 - 17789456 ____A (Mozilla) C:\Users\HP_Owner\Downloads\Firefox Setup 15.0.exe
2012-08-28 20:11 - 2012-08-29 22:54 - 00000000 ____D C:\Users\HP_Owner\Desktop\Galeries
2012-08-25 21:34 - 2012-08-25 21:34 - 00000000 ____D C:\Users\HP_Owner\AppData\Roaming\Nero
2012-08-25 21:01 - 2012-09-15 17:19 - 00000000 ____D C:\Sandbox
2012-08-25 20:58 - 2012-09-15 18:57 - 00000000 ____D C:\Program Files\Sandboxie
2012-08-25 20:45 - 2012-08-25 20:45 - 16476616 ____A (Microsoft Corporation) C:\Users\HP_Owner\Downloads\Windows-KB890830-V4.11 (1).exe
2012-08-25 20:31 - 2012-09-15 19:03 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2012-08-25 20:31 - 2012-08-25 20:31 - 00000000 ____D C:\Users\All Users\Mozilla
2012-08-25 12:38 - 2012-09-15 17:19 - 00000000 ____D C:\Users\All Users\036DFF8502FA96D5026EDA02F875F020
2012-08-24 11:10 - 2012-08-24 14:45 - 00000000 ____D C:\fcbce6b505fad7c66dd8138645

==================== 3 Months Modified Files ==================
2012-09-23 16:33 - 2012-09-17 05:52 - 00001960 ____A C:\Windows\setupact.log
2012-09-23 16:33 - 2012-09-16 13:07 - 00000498 ____A C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job
2012-09-23 16:33 - 2012-08-13 06:05 - 00000384 ____A C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2012-09-23 16:33 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-23 16:25 - 2010-01-23 14:18 - 00823948 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-23 16:21 - 2010-01-23 13:48 - 01741533 ____A C:\Windows\WindowsUpdate.log
2012-09-23 16:13 - 2009-07-13 20:34 - 00013760 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-23 16:13 - 2009-07-13 20:34 - 00013760 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-23 15:53 - 2012-09-17 05:52 - 00084848 ____A C:\Windows\PFRO.log
2012-09-23 12:45 - 2012-09-22 23:23 - 00006972 ____A C:\Users\HP_Owner\Desktop\Rkill.txt
2012-09-23 12:38 - 2012-09-22 13:03 - 00001945 ____A C:\Windows\epplauncher.mif
2012-09-23 11:41 - 2012-04-15 23:31 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-23 10:47 - 2012-09-23 10:47 - 01678240 ____A (Bleeping Computer, LLC) C:\Users\HP_Owner\Desktop\iExplore.exe
2012-09-23 10:46 - 2012-09-23 10:46 - 04755721 ____R (Swearware) C:\Users\HP_Owner\Desktop\A_Wisdom_Fix.exe
2012-09-22 20:35 - 2012-09-22 20:35 - 01678240 ____A (Bleeping Computer, LLC) C:\Users\HP_Owner\Desktop\rkill.exe
2012-09-22 17:00 - 2012-03-31 16:56 - 00000474 ____A C:\Windows\Tasks\SpeedyPC Registration3.job
2012-09-22 13:04 - 2012-09-15 18:58 - 00002224 ____A C:\Windows\Sandboxie.ini
2012-09-22 11:17 - 2011-09-03 02:02 - 00229228 ____A C:\Windows\System32\Drivers\KmxAgent.asc
2012-09-22 11:16 - 2012-09-22 11:15 - 00001533 ____A C:\Windows\pcsetup.log
2012-09-22 11:14 - 2012-09-22 11:14 - 00002498 ____A C:\Windows\System32\FDInstall.log
2012-09-22 08:29 - 2012-09-22 08:29 - 00000000 ____A C:\Users\HP_Owner\Desktop\New Text Document.txt
2012-09-21 13:25 - 2012-09-21 13:25 - 00000870 ____A C:\Users\All Users\ltgubaa.tmp
2012-09-21 13:25 - 2012-09-21 13:25 - 00000869 ____A C:\Users\All Users\ktgubaa.tmp
2012-09-21 13:18 - 2012-09-21 13:18 - 00000873 ____A C:\Users\All Users\bcfrhaa.tmp
2012-09-21 12:15 - 2012-09-21 12:15 - 00607260 ____A (Swearware) C:\Users\HP_Owner\Downloads\dds.scr
2012-09-20 18:41 - 2012-04-15 23:31 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-09-20 18:41 - 2011-05-15 13:03 - 00073136 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-09-20 13:47 - 2012-09-20 13:47 - 00000040 ____A C:\Users\HP_Owner\AppData\Roaming\mbam.context.scan
2012-09-20 07:35 - 2012-03-31 16:56 - 00000446 ____A C:\Windows\Tasks\SpeedyPC Update Version3.job
2012-09-20 02:00 - 2012-03-31 21:12 - 00000388 ____A C:\Windows\Tasks\ErrorEND.job
2012-09-19 17:44 - 2012-09-19 17:44 - 00000872 ____A C:\Users\All Users\gpxbbaa.tmp
2012-09-19 17:44 - 2012-09-19 17:44 - 00000862 ____A C:\Users\All Users\hpxbbaa.tmp
2012-09-19 16:44 - 2012-09-19 16:44 - 223850095 ____A C:\Windows\MEMORY.DMP
2012-09-19 16:44 - 2012-09-19 16:44 - 00146088 ____A C:\Windows\Minidump\091912-16738-01.dmp
2012-09-19 12:50 - 2012-09-19 12:51 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-09-19 09:27 - 2012-09-19 09:27 - 00000005 ____A C:\0.bak
2012-09-18 16:17 - 2012-09-18 16:17 - 00001184 ____A C:\Windows\IE9_main.log
2012-09-18 16:06 - 2012-04-01 18:13 - 00013338 ____A C:\0
2012-09-17 17:53 - 2009-07-13 20:53 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-09-17 05:52 - 2012-09-17 05:52 - 00000000 ____A C:\Windows\setuperr.log
2012-09-16 19:12 - 2010-01-23 14:44 - 62164608 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-09-16 08:03 - 2012-03-31 16:56 - 00000402 ____A C:\Windows\Tasks\SpeedyPC Pro.job
2012-09-15 18:49 - 2012-09-15 18:49 - 00001760 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-09-15 16:43 - 2012-09-02 12:58 - 00000000 ____A C:\Users\HP_Owner\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
2012-09-07 16:04 - 2012-09-15 19:06 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-31 10:17 - 2012-08-31 10:17 - 00000380 ____A C:\edu.bmp
2012-08-29 13:07 - 2012-08-29 13:07 - 00000304 ____A C:\dir.bmp
2012-08-28 23:37 - 2012-08-28 23:36 - 17789456 ____A (Mozilla) C:\Users\HP_Owner\Downloads\Firefox Setup 15.0.exe
2012-08-25 20:45 - 2012-08-25 20:45 - 16476616 ____A (Microsoft Corporation) C:\Users\HP_Owner\Downloads\Windows-KB890830-V4.11 (1).exe
2012-08-23 23:27 - 2012-09-21 13:11 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-23 23:03 - 2012-09-21 13:11 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-23 22:59 - 2012-09-21 13:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-23 22:51 - 2012-09-21 13:11 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-23 22:51 - 2012-09-21 13:11 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-23 22:51 - 2012-09-21 13:11 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-23 22:49 - 2012-09-21 13:11 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-23 22:48 - 2012-09-21 13:11 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-23 22:47 - 2012-09-21 13:11 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-23 22:47 - 2012-09-21 13:11 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-23 22:47 - 2012-09-21 13:11 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-23 22:45 - 2012-09-21 13:11 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-23 22:44 - 2012-09-21 13:11 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-23 22:44 - 2012-09-21 13:11 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-23 22:43 - 2012-09-21 13:11 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-23 22:40 - 2012-09-21 13:11 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-22 09:16 - 2012-09-16 11:50 - 01292144 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 09:16 - 2012-09-16 11:50 - 00712048 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 09:16 - 2012-09-16 11:50 - 00240496 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 09:16 - 2012-09-16 11:50 - 00187760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-21 12:01 - 2012-09-15 18:49 - 00026840 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-08-21 12:01 - 2011-11-03 23:22 - 00106928 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi.dll
2012-08-15 20:43 - 2012-08-15 20:43 - 01688511 ____A C:\Users\HP_Owner\Desktop\Horvitz Elevs.dwg
2012-08-15 20:43 - 2012-08-15 20:43 - 01328113 ____A C:\Users\HP_Owner\Desktop\Horvitz - Details.dwg
2012-08-15 20:22 - 2009-07-13 20:33 - 04112744 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-13 06:25 - 2012-07-30 21:11 - 04503728 ___AT C:\Users\All Users\ras_0oed.pad
2012-08-09 11:27 - 2012-08-09 11:27 - 00001562 ____A C:\Users\HP_Owner\Desktop\Network Drives.lnk
2012-08-09 10:29 - 2012-08-08 13:57 - 19581440 ____A (Netgear Inc.) C:\Users\HP_Owner\Documents\RAIDar_Win.exe
2012-08-02 08:57 - 2012-09-16 11:50 - 00490496 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-07-26 14:05 - 2012-07-26 14:05 - 01290089 ____A C:\Users\HP_Owner\Desktop\SITEPLAN.DWG
2012-07-18 09:47 - 2012-08-15 06:37 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-10 12:30 - 2009-07-13 18:04 - 00000499 ____A C:\Windows\win.ini
2012-07-04 13:16 - 2012-08-15 06:37 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 13:14 - 2012-08-15 06:37 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 13:14 - 2012-08-15 06:37 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 11:45 - 2012-09-16 11:50 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe
[2011-04-27 09:37] - [2010-11-20 04:21] - 2640896 ____A (Microsoft Corporation) C2D18B7A36CF417AD78A5CE153636D60
C:\Windows\System32\winlogon.exe
[2011-07-09 07:56] - [2010-11-20 04:21] - 0311296 ____A (Microsoft Corporation) 187867056AE4C401DE297E6A2BD4FABE
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe
[2009-07-13 15:19] - [2010-11-20 04:21] - 0045568 ____A (Microsoft Corporation) 32CF5E31B02C0709D92C0B95948D2B22
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2012-09-16 14:05:25
Restore point made on: 2012-09-16 14:24:07
Restore point made on: 2012-09-16 14:41:48
Restore point made on: 2012-09-16 19:12:19
Restore point made on: 2012-09-16 21:39:21
Restore point made on: 2012-09-17 05:49:05
Restore point made on: 2012-09-17 22:56:47
Restore point made on: 2012-09-17 23:03:40
Restore point made on: 2012-09-18 17:07:13
Restore point made on: 2012-09-19 09:27:12
Restore point made on: 2012-09-19 10:38:43
Restore point made on: 2012-09-19 12:50:19
Restore point made on: 2012-09-19 14:37:43
Restore point made on: 2012-09-21 13:11:26
Restore point made on: 2012-09-22 11:16:00
Restore point made on: 2012-09-22 20:42:06
Restore point made on: 2012-09-23 12:24:46
==================== Memory info ===========================
Percentage of memory in use: 23%
Total physical RAM: 2009.55 MB
Available physical RAM: 1541.77 MB
Total Pagefile: 2009.55 MB
Available Pagefile: 1553.25 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.3 MB
==================== Partitions =============================
1 Drive c: (Desktop) (Fixed) (Total:232.89 GB) (Free:145.59 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (GRMCHPFRER_EN_DVD) (CDROM) (Total:2.33 GB) (Free:0 GB) UDF
7 Drive I: (UDISK) (Removable) (Total:7.63 GB) (Free:0.74 GB) FAT32
10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 Online 7830 MB 0 B
Disk 6 No Media 0 B 0 B
Disk 7 No Media 0 B 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 232 GB 31 KB
=========================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C Desktop NTFS Partition 232 GB Healthy
=========================================================
Partitions of Disk 5:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7827 MB 2784 KB
=========================================================
Disk: 5
Partition 1
Type : 0C
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 I UDISK FAT32 Removable 7827 MB Healthy
=========================================================
Last Boot: 2012-09-16 01:08
==================== End Of Log ============================
 
Farbar Recovery Scan Tool (x86) Version: 22-09-2012
Ran by SYSTEM at 2012-09-23 17:46:04
Running from I:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
=== End Of Search ===
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Next...

Restart normally, create a new restore point and see if Combofix will run.
 

Attachments: fixlist.txt (919 bytes)

Not sure if I ran the Fix correctly. It seemed to run fine, but still can't get Combofix to complete. After I ran the fix in FRST, I rebooted to normal and ran Combofix. It locked after 5 minutes, but I let it go for 40 minutes before I rebooted. I booted to Safe Mode and ran Combofix again. This time the clock didn't lock up for 28 minutes. After 35 minutes I rebooted and came to post.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 22-09-2012
Ran by SYSTEM at 2012-09-23 19:20:48 Run:1
Running from I:\
==============================================
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
C:\Users\All Users\ltgubaa.tmp moved successfully.
C:\Users\All Users\ktgubaa.tmp moved successfully.
C:\Users\All Users\bcfrhaa.tmp moved successfully.
C:\Users\All Users\gpxbbaa.tmp moved successfully.
C:\Users\All Users\hpxbbaa.tmp moved successfully.
C:\Windows\System32\svchost.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe copied successfully to C:\Windows\System32\svchost.exe
C:\Windows\System32\winlogon.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe copied successfully to C:\Windows\System32\winlogon.exe
C:\Windows\explorer.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe copied successfully to C:\Windows\explorer.exe
==== End of Fixlog ====
 
Just as a note:
I just ran a Google search and was NOT redirected after clicking a link ----- that's a HUGE improvement!
Nor am I getting the constant pop-up from Malwarebytes telling me it has successfully blocked an IP address ---- another HUGE improvement!
 
RogueKiller V8.0.4 [09/19/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : HP_Owner [Admin rights]
Mode : Scan -- Date : 09/24/2012 09:47:54
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 1 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
_INLINE_ : NtTraceEvent -> HOOKED (Unknown @ 0x8311063A)
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
[...]

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST3250318AS ATA Device +++++
--- User ---
[MBR] 6e7de95dad4e19bb7e44c88b8c00d346
[BSP] cd27ed3eb96aab5c994ff939e1f9cca6 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238475 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt
 
RogueKiller V8.0.4 [09/19/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : HP_Owner [Admin rights]
Mode : Remove -- Date : 09/24/2012 09:48:11
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 1 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
_INLINE_ : NtTraceEvent -> HOOKED (Unknown @ 0x8311063A)
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
[...]

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST3250318AS ATA Device +++++
--- User ---
[MBR] 6e7de95dad4e19bb7e44c88b8c00d346
[BSP] cd27ed3eb96aab5c994ff939e1f9cca6 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238475 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
 
Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 09/24/2012 09:53:42 AM in x86 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* No issues found.
Checking Windows Service Integrity:
* No issues found.
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* HOSTS file entries found:
20 out of 15123 HOSTS entries shown.
Please review HOSTS file for further entries.
Program finished at: 09/24/2012 09:53:48 AM
Execution time: 0 hours(s), 0 minute(s), and 5 seconds(s)
 
Very good :)

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL logfile created on: 9/24/2012 10:08:20 AM - Run 1
OTL by OldTimer - Version 3.2.66.2 Folder = C:\Users\HP_Owner\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.96 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 64.51% Memory free
3.92 Gb Paging File | 2.95 Gb Available in Paging File | 75.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.89 Gb Total Space | 145.51 Gb Free Space | 62.48% Space Free | Partition Type: NTFS

Computer Name: DESKTOP | User Name: HP_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/24 10:06:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HP_Owner\Desktop\OTL.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/08/25 13:27:58 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/05/14 14:46:14 | 000,182,784 | ---- | M] () -- C:\Program Files\Allway Sync\Bin\SyncService.exe
PRC - [2011/12/06 14:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011/12/06 14:00:14 | 000,214,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/05/18 09:32:50 | 000,283,032 | ---- | M] (Binary Fortress Software) -- C:\Program Files\TrayStatus\TrayStatus.exe
PRC - [2011/02/02 14:08:16 | 000,018,656 | ---- | M] () -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2010/11/20 05:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/23 16:24:32 | 000,701,592 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Wireless Elite Desktop\HPKEYBOARDg.EXE
PRC - [2009/03/27 23:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/04/09 22:42:00 | 000,492,896 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
PRC - [2008/04/09 21:23:22 | 000,909,208 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2008/04/09 21:14:28 | 000,136,472 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2008/04/09 21:14:18 | 000,431,384 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2008/04/09 21:11:24 | 002,595,792 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/13 20:55:58 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/13 20:55:50 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/12 00:34:30 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/12 00:34:25 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/02/17 20:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011/12/06 14:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/17 11:46:04 | 008,626,176 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2011/06/17 11:46:02 | 002,408,448 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2011/06/17 11:46:02 | 000,212,992 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2010/01/03 14:46:18 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2008/12/12 18:11:26 | 000,148,480 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2008/12/12 18:11:26 | 000,097,280 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
MOD - [2008/04/09 19:46:56 | 001,328,408 | ---- | M] () -- C:\Program Files\Acronis\TrueImageHome\fox.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.21006\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/09/20 19:42:03 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/05 18:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/25 13:27:58 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/05/14 14:46:14 | 000,182,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Allway Sync\Bin\SyncService.exe -- (BotkindSyncService)
SRV - [2012/03/31 23:22:05 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/12/06 14:00:14 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/06/25 23:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\A_Wisdom_Fix12817A\pev.3XE -- (PEVSystemStart)
SRV - [2011/02/02 14:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2010/11/20 05:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 05:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 05:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/05/07 18:23:01 | 000,390,952 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/04 19:15:11 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/11/06 12:58:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/27 23:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/11/13 12:43:49 | 000,204,800 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/09 22:42:00 | 000,492,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2008/04/09 21:14:18 | 000,431,384 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\HP_Owner\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - [2012/09/23 11:57:43 | 000,031,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\HP_Owner\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/25 13:27:54 | 000,157,776 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2011/08/01 15:56:42 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/01/23 18:11:12 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2010/01/23 18:11:12 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2010/01/23 18:11:09 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2010/01/23 18:11:05 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpman.sys -- (tdrpman)
DRV - [2009/09/11 13:48:04 | 000,066,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/09/11 13:47:54 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/09/11 13:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/09/11 13:47:22 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2009/08/13 16:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/12/12 18:05:18 | 000,026,416 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2008/12/12 18:05:18 | 000,024,880 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/07/22 08:42:58 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2004/05/04 06:48:00 | 000,090,229 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\P1130Vid.sys -- (P1130VID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\.DEFAULT\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\S-1-5-18\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-844803567-2663946769-357207313-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-844803567-2663946769-357207313-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-844803567-2663946769-357207313-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Personal.htm
IE - HKU\S-1-5-21-844803567-2663946769-357207313-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-844803567-2663946769-357207313-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-844803567-2663946769-357207313-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 19 65 0E 11 89 7C CB 01 [binary data]
IE - HKU\S-1-5-21-844803567-2663946769-357207313-1001\..\SearchScopes,DefaultScope = {B1FA87B9-86EC-4D8B-8516-61214C576AE9}
IE - HKU\S-1-5-21-844803567-2663946769-357207313-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-844803567-2663946769-357207313-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-844803567-2663946769-357207313-1001\..\SearchScopes\{73D67C89-8194-42FE-BAD4-7BC93ADC660C}: "URL" =
IE - HKU\S-1-5-21-844803567-2663946769-357207313-1001\..\SearchScopes\{B1FA87B9-86EC-4D8B-8516-61214C576AE9}: "URL" = http://www.google.com/search?q={sea...tIndex?}&startPage={startPage}&rlz=1I7ADFA_en
IE - HKU\S-1-5-21-844803567-2663946769-357207313-1001\..\SearchScopes\Comcast: "URL" = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search
IE - HKU\S-1-5-21-844803567-2663946769-357207313-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-844803567-2663946769-357207313-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>;192.168.*.*

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: ieurwbofrk@ieurwbofrk.org:2.5
FF - prefs.js..extensions.enabledItems: caaphishtoolbar@ca.com:2.0.0.108
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\HP_Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\caaphishtoolbar@ca.com: C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/15 20:03:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/19 18:41:15 | 000,000,000 | ---D | M]

[2010/11/04 17:59:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP_Owner\AppData\Roaming\mozilla\Extensions
[2012/09/15 18:18:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP_Owner\AppData\Roaming\mozilla\Firefox\Profiles\0l621xpy.default\extensions
[2012/09/15 18:19:35 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\HP_Owner\AppData\Roaming\mozilla\Firefox\Profiles\0l621xpy.default\extensions\crossriderapp2258@crossrider.com
[2009/07/13 16:11:12 | 000,004,804 | ---- | M] () (No name found) -- C:\Users\HP_Owner\AppData\Roaming\mozilla\firefox\profiles\0l621xpy.default\extensions\ieurwbofrk@ieurwbofrk.org.xpi
[2012/09/15 20:03:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/26 14:09:36 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/09/05 18:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/10 15:38:31 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/02/20 16:04:02 | 002,463,976 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2012/09/05 18:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/05 18:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.71\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.71\pdf.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\11.0.696.71\ppGoogleNaClPluginChrome.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.71\gears.dll
CHR - plugin: getPlusPlus for Adobe 162103 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\HP_Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/12/04 12:21:44 | 000,439,065 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 15100 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (Total Defense Anti-Phishing Toolbar Helper) - {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\toolbar\caIEToolbar.dll File not found
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Total Defense Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\toolbar\caIEToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Total Defense Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\toolbar\caIEToolbar.dll File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Total Defense Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\toolbar\caIEToolbar.dll File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-844803567-2663946769-357207313-1001\..\Toolbar\WebBrowser: (Total Defense Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\toolbar\caIEToolbar.dll File not found
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP KEYBOARDg] C:\Program Files\Hewlett-Packard\HP Wireless Elite Desktop\HPKEYBOARDg.EXE (Hewlett-Packard)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-21-844803567-2663946769-357207313-1001..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-844803567-2663946769-357207313-1001..\Run: [Desktop Software] C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-844803567-2663946769-357207313-1001..\Run: [DriverFinder] C:\Program Files\DriverFinder\DriverFinder.exe ()
O4 - HKU\S-1-5-21-844803567-2663946769-357207313-1001..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-844803567-2663946769-357207313-1001..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-844803567-2663946769-357207313-1001..\Run: [TrayStatus] C:\Program Files\TrayStatus\TrayStatus.exe (Binary Fortress Software)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe -update activex File not found
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe -update activex File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-844803567-2663946769-357207313-1001\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} http://utilities.pcpitstop.com/pctuneup2/controls/pctuneup.cab (VersionControl Class)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F8DF6BB-15C2-4313-A248-9F99C49825F4}: DhcpNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF37EE73-94B3-4E01-BEA2-429DF2AD8003}: DhcpNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PFW: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/04/01 19:25:58 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{49a28cfe-6251-11e1-990b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{49a28cfe-6251-11e1-990b-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe
O33 - MountPoints2\{49a28cfe-6251-11e1-990b-806e6f6e6963}\Shell\configure\command - "" = Autorun.exe.EXE
O33 - MountPoints2\{49a28cfe-6251-11e1-990b-806e6f6e6963}\Shell\install\command - "" = Autorun.exe.EXE
O33 - MountPoints2\{b26a6a8c-0868-11df-ab48-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b26a6a8c-0868-11df-ab48-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AUTORUN.EXE
O33 - MountPoints2\{b2cc4cc4-e189-11e1-aa19-00270e08c22c}\Shell - "" = AutoRun
O33 - MountPoints2\{b2cc4cc4-e189-11e1-aa19-00270e08c22c}\Shell\AutoRun\command - "" = J:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/24 10:06:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\HP_Owner\Desktop\OTL.exe
[2012/09/23 23:54:36 | 000,000,000 | ---D | C] -- C:\Users\HP_Owner\AppData\Roaming\Yahoo!
[2012/09/23 20:36:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/23 20:09:08 | 000,000,000 | --SD | C] -- C:\A_Wisdom_Fix12817A
[2012/09/23 18:43:33 | 000,000,000 | ---D | C] -- C:\FRST
[2012/09/23 13:46:14 | 000,000,000 | --SD | C] -- C:\A_Wisdom_Fix5437A
[2012/09/23 11:56:46 | 000,000,000 | --SD | C] -- C:\A_Wisdom_Fix
[2012/09/23 11:47:45 | 001,678,240 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\HP_Owner\Desktop\iExplore.exe
[2012/09/23 11:46:57 | 004,755,721 | R--- | C] (Swearware) -- C:\Users\HP_Owner\Desktop\A_Wisdom_Fix.exe
[2012/09/22 21:46:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/22 21:46:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/22 21:46:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/22 21:46:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/22 21:45:21 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/22 21:35:15 | 001,678,240 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\HP_Owner\Desktop\rkill.exe
[2012/09/22 17:36:29 | 000,000,000 | ---D | C] -- C:\Users\HP_Owner\Desktop\RK_Quarantine
[2012/09/19 22:18:15 | 000,000,000 | ---D | C] -- C:\Users\HP_Owner\Desktop\Temp
[2012/09/19 16:07:47 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/09/19 15:36:17 | 000,000,000 | ---D | C] -- C:\Users\HP_Owner\AppData\Local\Macromedia
[2012/09/19 13:52:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/09/19 13:40:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012/09/19 13:40:35 | 000,000,000 | ---D | C] -- C:\Users\HP_Owner\AppData\Local\PC Cleanup Utility Inc
[2012/09/19 13:40:35 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Cleanup Utility Inc
[2012/09/19 13:40:12 | 000,000,000 | ---D | C] -- C:\Program Files\PC Cleanup Utility
[2012/09/19 10:31:30 | 000,000,000 | ---D | C] -- C:\Temp
[2012/09/19 10:27:28 | 000,000,000 | ---D | C] -- C:\Windows\TEMP
[2012/09/16 17:42:16 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/09/16 17:42:16 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/09/15 20:33:35 | 000,000,000 | ---D | C] -- C:\Motorola
[2012/09/15 20:06:36 | 000,000,000 | ---D | C] -- C:\Users\HP_Owner\AppData\Roaming\Malwarebytes
[2012/09/15 20:06:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/15 20:06:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/15 20:06:18 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/15 20:06:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/15 19:57:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2012/09/15 19:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/09/15 19:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/09/15 19:48:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/09/15 19:48:18 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/09/15 16:04:31 | 000,000,000 | ---D | C] -- C:\Users\HP_Owner\AppData\Roaming\SUPERAntiSpyware.com
[2012/09/15 16:04:31 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/09/02 14:00:58 | 000,000,000 | ---D | C] -- C:\Users\HP_Owner\AppData\Roaming\xsecva
[2012/09/02 13:58:02 | 000,000,000 | ---D | C] -- C:\Users\HP_Owner\AppData\Local\{E30CF1F5-F540-11E1-8270-B8AC6F996F26}
[2012/09/01 13:30:36 | 000,000,000 | ---D | C] -- C:\Users\HP_Owner\AppData\Local\Xobni
[2012/09/01 13:29:57 | 000,000,000 | ---D | C] -- C:\Program Files\Xobni
[2012/08/29 17:13:30 | 000,000,000 | ---D | C] -- C:\Users\HP_Owner\Desktop\2012-08-29 AW_Card
[2012/08/28 21:11:02 | 000,000,000 | ---D | C] -- C:\Users\HP_Owner\Desktop\Galeries
[2012/08/25 22:34:38 | 000,000,000 | ---D | C] -- C:\Users\HP_Owner\AppData\Roaming\Nero
[2012/08/25 22:01:27 | 000,000,000 | ---D | C] -- C:\Sandbox
[2012/08/25 21:58:40 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2012/08/25 21:31:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/08/25 21:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/08/25 13:38:45 | 000,000,000 | ---D | C] -- C:\ProgramData\036DFF8502FA96D5026EDA02F875F020
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/24 10:06:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HP_Owner\Desktop\OTL.exe
[2012/09/24 09:47:03 | 000,013,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/24 09:47:03 | 000,013,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/24 09:44:11 | 000,693,800 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/24 09:44:11 | 000,130,732 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/24 09:41:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/24 09:39:46 | 000,000,498 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2012/09/24 09:39:46 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2012/09/24 09:39:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/24 09:39:39 | 1580,371,968 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/23 23:30:50 | 000,002,282 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012/09/23 18:00:01 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/09/23 13:38:31 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/23 11:47:45 | 001,678,240 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\HP_Owner\Desktop\iExplore.exe
[2012/09/23 11:46:57 | 004,755,721 | R--- | M] (Swearware) -- C:\Users\HP_Owner\Desktop\A_Wisdom_Fix.exe
[2012/09/22 21:35:15 | 001,678,240 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\HP_Owner\Desktop\rkill.exe
[2012/09/22 17:22:49 | 001,388,032 | ---- | M] () -- C:\Users\HP_Owner\Desktop\RogueKiller.exe
[2012/09/22 12:17:29 | 000,229,228 | ---- | M] () -- C:\Windows\System32\drivers\KmxAgent.asc
[2012/09/21 14:18:40 | 000,046,343 | ---- | M] () -- C:\Users\HP_Owner\Desktop\2012 09 20 Stelmakh Proposal II.pdf
[2012/09/20 14:47:01 | 000,000,040 | ---- | M] () -- C:\Users\HP_Owner\AppData\Roaming\mbam.context.scan
[2012/09/20 08:35:08 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/09/20 03:00:01 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\ErrorEND.job
[2012/09/19 17:44:02 | 223,850,095 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/09/19 16:25:25 | 000,951,913 | ---- | M] () -- C:\Users\HP_Owner\Desktop\A_Wisdom Examples_2012.pdf
[2012/09/19 15:52:00 | 000,503,893 | ---- | M] () -- C:\Users\HP_Owner\Desktop\A_Wisdom References_2012.pdf
[2012/09/19 15:51:30 | 000,751,719 | ---- | M] () -- C:\Users\HP_Owner\Desktop\A_Wisdom Resume_2012.pdf
[2012/09/19 15:46:08 | 000,545,455 | ---- | M] () -- C:\Users\HP_Owner\Desktop\A_Wisdom Cover AIA.pdf
[2012/09/19 10:27:18 | 000,000,005 | ---- | M] () -- C:\0.bak
[2012/09/18 17:06:44 | 000,013,338 | ---- | M] () -- C:\0
[2012/09/16 09:03:49 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/09/15 20:04:47 | 000,002,001 | ---- | M] () -- C:\Users\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/15 19:57:50 | 000,001,056 | ---- | M] () -- C:\Users\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2012/09/15 19:49:49 | 000,001,760 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/15 17:43:13 | 000,000,000 | ---- | M] () -- C:\Users\HP_Owner\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/08/31 11:17:46 | 000,000,380 | ---- | M] () -- C:\edu.bmp
[2012/08/31 11:17:46 | 000,000,284 | ---- | M] () -- C:\srch_map_1.gif
[2012/08/31 11:17:46 | 000,000,277 | ---- | M] () -- C:\mov_1.gif
[2012/08/31 11:17:46 | 000,000,274 | ---- | M] () -- C:\trav_1.gif
[2012/08/31 11:17:46 | 000,000,273 | ---- | M] () -- C:\srch_stk_1.gif
[2012/08/31 11:17:46 | 000,000,268 | ---- | M] () -- C:\ab_1.gif
[2012/08/31 11:17:46 | 000,000,240 | ---- | M] () -- C:\srch_site_1.gif
[2012/08/31 11:17:46 | 000,000,138 | ---- | M] () -- C:\flk2.gif
[2012/08/31 11:17:46 | 000,000,103 | ---- | M] () -- C:\del_1.gif
[2012/08/29 14:07:59 | 000,000,304 | ---- | M] () -- C:\dir.bmp
[2012/08/29 14:07:59 | 000,000,279 | ---- | M] () -- C:\hj_1.gif
[2012/08/29 14:07:59 | 000,000,121 | ---- | M] () -- C:\srch_nws_1.gif
[2012/08/29 14:07:59 | 000,000,113 | ---- | M] () -- C:\srch_aud_1.gif
[2012/08/29 14:07:58 | 000,000,265 | ---- | M] () -- C:\srch_ans_1.gif
[2012/08/29 14:07:58 | 000,000,123 | ---- | M] () -- C:\srch_sh_1.gif
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/24 09:46:09 | 001,388,032 | ---- | C] () -- C:\Users\HP_Owner\Desktop\RogueKiller.exe
[2012/09/22 21:46:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/22 21:46:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/22 21:46:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/22 21:46:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/22 21:46:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/22 14:03:40 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/09/21 14:18:39 | 000,046,343 | ---- | C] () -- C:\Users\HP_Owner\Desktop\2012 09 20 Stelmakh Proposal II.pdf
[2012/09/20 14:47:01 | 000,000,040 | ---- | C] () -- C:\Users\HP_Owner\AppData\Roaming\mbam.context.scan
[2012/09/19 17:44:02 | 223,850,095 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/09/19 15:52:43 | 000,545,455 | ---- | C] () -- C:\Users\HP_Owner\Desktop\A_Wisdom Cover AIA.pdf
[2012/09/19 10:27:18 | 000,000,005 | ---- | C] () -- C:\0.bak
[2012/09/16 14:07:15 | 000,000,498 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2012/09/15 20:03:44 | 000,001,107 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/09/15 19:58:14 | 000,001,056 | ---- | C] () -- C:\Users\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2012/09/15 19:58:11 | 000,002,282 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012/09/15 19:49:49 | 000,001,760 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/02 13:58:02 | 000,000,000 | ---- | C] () -- C:\Users\HP_Owner\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
[2012/08/31 11:17:46 | 000,000,380 | ---- | C] () -- C:\edu.bmp
[2012/08/31 11:17:46 | 000,000,284 | ---- | C] () -- C:\srch_map_1.gif
[2012/08/31 11:17:46 | 000,000,277 | ---- | C] () -- C:\mov_1.gif
[2012/08/31 11:17:46 | 000,000,274 | ---- | C] () -- C:\trav_1.gif
[2012/08/31 11:17:46 | 000,000,273 | ---- | C] () -- C:\srch_stk_1.gif
[2012/08/31 11:17:46 | 000,000,268 | ---- | C] () -- C:\ab_1.gif
[2012/08/31 11:17:46 | 000,000,240 | ---- | C] () -- C:\srch_site_1.gif
[2012/08/31 11:17:46 | 000,000,138 | ---- | C] () -- C:\flk2.gif
[2012/08/31 11:17:46 | 000,000,103 | ---- | C] () -- C:\del_1.gif
[2012/08/29 14:07:59 | 000,000,304 | ---- | C] () -- C:\dir.bmp
[2012/08/29 14:07:59 | 000,000,279 | ---- | C] () -- C:\hj_1.gif
[2012/08/29 14:07:59 | 000,000,121 | ---- | C] () -- C:\srch_nws_1.gif
[2012/08/29 14:07:58 | 000,000,265 | ---- | C] () -- C:\srch_ans_1.gif
[2012/08/29 14:07:58 | 000,000,123 | ---- | C] () -- C:\srch_sh_1.gif
[2012/08/29 14:07:58 | 000,000,113 | ---- | C] () -- C:\srch_aud_1.gif
[2012/07/30 22:11:41 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad
[2012/03/31 23:22:36 | 000,000,147 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/09/08 23:51:16 | 000,000,116 | ---- | C] () -- C:\Users\HP_Owner\Adobe Encore_AME.pref
[2011/09/08 20:55:19 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2011/07/09 08:56:42 | 002,616,320 | ---- | C] () -- C:\Windows\expl.dat
[2011/07/09 08:56:42 | 000,286,720 | ---- | C] () -- C:\Windows\System32\winl.dat
[2011/07/09 08:56:42 | 000,020,992 | ---- | C] () -- C:\Windows\System32\svch.dat
[2011/05/14 18:06:10 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL
[2011/04/08 21:49:57 | 000,038,432 | ---- | C] () -- C:\Users\HP_Owner\AppData\Roaming\Comma Separated Values (Windows).ADR
[2011/03/26 14:17:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/02/11 20:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/02/11 20:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/02/11 20:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011/02/11 19:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/02/11 19:38:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/10/24 16:28:14 | 000,000,007 | ---- | C] () -- C:\Windows\System32\mkghj.dll
[2010/01/25 17:50:19 | 000,007,605 | ---- | C] () -- C:\Users\HP_Owner\AppData\Local\resmon.resmoncfg

========== ZeroAccess Check ==========

[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========


========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 216 bytes -> C:\ProgramData\TEMP:D282699C
< End of report >

OTL Extras logfile created on: 9/24/2012 10:08:20 AM - Run 1
OTL by OldTimer - Version 3.2.66.2 Folder = C:\Users\HP_Owner\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.96 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 64.51% Memory free
3.92 Gb Paging File | 2.95 Gb Available in Paging File | 75.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.89 Gb Total Space | 145.51 Gb Free Space | 62.48% Space Free | Partition Type: NTFS

Computer Name: DESKTOP | User Name: HP_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.scr [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A1E9358-9A8F-4B33-87A4-E0F886AAD0DB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0AD3107B-568C-42A9-9CD3-28E9FC0AA97E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1A05129D-3785-4670-9B8A-03F2777FE2DF}" = lport=137 | protocol=17 | dir=in | app=system |
"{1CA50C22-E797-4C59-B2EE-A56B0BDA7A44}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{3668A097-E6C8-49BD-9078-16FA94E0EB80}" = rport=10243 | protocol=6 | dir=out | app=system |
"{37663789-A3A6-4F36-AAFF-F7BDE2DDA37A}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{38C5B6A8-CB86-4A2E-81E5-849B4D9A8BA3}" = lport=139 | protocol=6 | dir=in | app=system |
"{438E2359-B474-48A8-BF03-6104D96277F3}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.21006\smsvchost.exe |
"{442ABAE8-30FD-4168-8E50-B8CD92BAC36C}" = rport=137 | protocol=17 | dir=out | app=system |
"{459183D0-8FE9-4ECE-B16A-2F475DA76B04}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{47826B51-7DE1-4E78-91EB-E7AC1A4DAC22}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{4E7BAA14-BB99-4A7D-848B-73AF350B3617}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5ED1A95D-089C-42A2-9A98-B3C9291E225B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{61AC2993-80E5-45EF-8A48-B923EA9442AD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6CEA77D8-ADCF-41BD-9165-8DD9036877C3}" = lport=445 | protocol=6 | dir=in | app=system |
"{6EFE380F-55F6-4999-B7A3-FDABFFFE8CA0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7EA0DD18-B229-43F3-B536-80654CAA0B23}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{84545AD7-6B5A-4D3F-AA8A-425D8F6F87EA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{9365B18C-03F8-45D6-9879-446EACE35F21}" = rport=445 | protocol=6 | dir=out | app=system |
"{A2B1CD4E-8D9A-4500-ACDC-F3EBCFDD048A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A3ECAC60-CF48-4703-A3E6-7E1ECAD8C36E}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{A45C98AD-EDB5-4078-B649-45BB4E18BE4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{A4C4E45E-8D79-4F0E-BF19-1773A5D6FD15}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{A4C96F6C-48B7-4CB7-95D8-A999315AC2FB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ADDCD2B1-2CEF-476F-8027-D121A6770641}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B4D656C5-7609-4166-AF7C-BD10BC8B618A}" = lport=138 | protocol=17 | dir=in | app=system |
"{B61A0F36-A806-4645-A680-6E39496A8730}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C03D247B-AA0E-4E96-AF00-64D64A25C73D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{C0F7AC79-5817-4188-B20F-182635DFE200}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{C3923C12-33E5-4409-B887-C28EA4EFB51A}" = rport=138 | protocol=17 | dir=out | app=system |
"{C8C3B115-4FDA-44D3-9B2A-2DC3FD2416F9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CED50CEC-51BF-4AB2-BDF7-23B4775785C2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D576965B-580C-42E9-930D-3582AA7D767B}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{D96ECD6B-FD75-4B2F-90F9-69B5ECF23970}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{F5C75536-6423-41DA-907A-933AB6FB78FB}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{F7604BDE-3225-44D3-A5E1-6999969E9F01}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FA4250A2-78A8-4890-8B29-70FAFADE74A3}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1B58E8D9-616B-4E94-A409-B537884161C5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1BB45D00-2A14-441C-82DC-11D8E03FDA9A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{2114111B-AB0D-4FD4-972D-15BEA3F3897F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{29C23C7A-F2DE-4E34-B25A-E047D6ECE9C7}" = dir=in | app=c:\program files\freefileviewer\ffvcheckforupdates.exe |
"{3372495B-7656-4FCB-85A8-D3738587AE92}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{47B1510C-F1EA-48DE-A4FB-CEE288EEB2FB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{51941DEC-EEE5-481E-ACB0-C2DF8BD2812C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{57BD9BBA-7B85-47E2-AFC1-0554A76B206E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5988C273-384A-4C20-9CB5-F51723E7C48A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{67D20F0E-76AA-4719-A5EE-D5399E189E25}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{68DC9F5E-FC9A-4C4A-AB29-6CB9AD4F0B4C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6BB1D31B-4F21-435E-8200-52CABA1D07F8}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{71C2296F-EF3B-4B3C-93D7-23EE1BE1147D}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{72A5410D-B2B8-4405-AE12-D9B097049862}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7B2A9754-9C43-43B2-9E2F-136295DF7504}" = protocol=17 | dir=in | app=c:\users\hp_owner\desktop\facemoods.exe |
"{7E62B5C8-A69A-411B-B8EF-6602BBE04FEF}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{83548578-A3E8-446B-981A-BCF5F97767A4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\j4today2000\counter-strike source\hl2.exe |
"{883B0750-F10C-4FC5-B7F9-D334553A1A72}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8B82ED4B-E64B-44A5-BBAF-EC8A1040A3F4}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{8BF09711-8729-4D0C-9334-F43C4432B5B3}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{8C84438D-C731-4272-972B-B8A0C802C314}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8CA122E4-828F-4031-A2E3-006E410ECEC2}" = protocol=6 | dir=out | app=system |
"{8E7AB332-658F-47CC-978A-0416ABABCA11}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{948CB784-6D9A-495B-A3EA-F1DB0FF75761}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{95277D2F-A20E-4326-B055-65102114FEE1}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{9937D5F2-1712-4177-A5A4-F7A050B17A6D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9ECE7EF5-31BD-45CB-B3B7-B5606336A986}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{A64832A8-78A2-4A1D-B6D0-B80555E208BC}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{AEA650A8-7E09-4B4F-BD5D-FA422169BCC8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B9916AD6-C892-4111-81FC-CB80B1F53B7C}" = protocol=6 | dir=in | app=c:\users\hp_owner\desktop\facemoods.exe |
"{C5C5844A-DECF-4767-B319-6A355EDD0404}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C788A6E0-996E-4EE2-918E-818A993664FA}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{D4EDF1C7-3E3F-4B2F-B625-A58F0315AB02}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{D8F71A2B-F143-480C-BC49-53CBA3BA1907}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\j4today2000\counter-strike source\hl2.exe |
"{E4967DF0-DFE5-4F20-83D5-68AE90E3FAD3}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{F28F8712-8CC0-40BD-B608-CFADDD5B9D96}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F76FAA4C-BBDB-4426-9B36-436D0A5E0699}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FE39FB4E-20BE-46A8-9C84-D92335DCDAF0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004685F7-9FB6-4789-812F-59ABB34A55AF}" = Adobe Setup
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0363C7DA-291C-454E-A318-570D4FC0A040}" = HGTV Ultimate Home Design with Landscaping & Decks
"{03CDDD00-BD57-4326-9480-4C74449AF597}" = PhotoStitch
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content Service
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{093625E3-7B87-49D3-AA53-AD0FCFABAF49}" = Camera Window
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{20FA8AEE-E785-4F79-98EB-2067A8F395F4}" = Monopoly
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{2FA75B40-17C9-4D22-88CA-80A5D52FAB13}" = LightScribe System Software
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33BC9D7E-E790-495E-A4EA-CFB160C17A91}" = Logitech Gaming Software 5.08
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{409ECFF1-9CC7-43A8-B28A-B7F0B7CB04D1}_is1" = Classic Menu for Office 2007 v5.20
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{47BBA5AA-CA6F-4A41-858D-A7A776F29A8B}" = Google SketchUp 8
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.2
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5783F2D7-9001-0409-1002-0060B0CE6BBA}" = AutoCAD 2011 Language Pack - English
"{5783F2D7-A001-0409-0002-0060B0CE6BBA}" = AutoCAD 2012 - English
"{5783F2D7-A001-0409-1002-0060B0CE6BBA}" = AutoCAD 2012 Language Pack - English
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7
"{604CD5A1-4520-4844-B064-A3D884B77E91}" = SpeedyPC Pro
"{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}" = Acronis True Image Home
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6C12B6BF-3891-497B-B5CA-3D64DA093947}" = Motorola Mobile Drivers Installation 5.4.0
"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}" = Adobe After Effects CS3 Third Party Content
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}" = Adobe Flash Player 9 Plugin
"{89EAD745-088B-4160-B964-42C4D4D273AD}" = Family Tree Maker 2010
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EA053AE-DC8F-44C0-9090-DAB1D7F56831}" = HGTV Instant Makeover
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A29549FD-65F3-440C-A552-6B8114CF319D}" = Skype Toolbars
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A527C2E8-3B05-4C35-9A6A-250C571FA9D6}" = Dfx Essentials
"{A62F50D4-EED7-4417-A382-E89ABCF11BAC}" = SketchUp DWG Importer
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5751715-EC10-43D9-8C95-62E1368433EF}" = Autodesk Material Library Medium Resolution Image Library 2012
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}" = RemoteCapture 2.7.0
"{BF2A74BF-8D12-47F1-8B19-22B30AF6B0D1}" = Linksys EasyLink Advisor
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C38D079C-950D-4F18-BF7B-CE58DE86D3BD}" = Image Resizer Powertoy Clone for Windows
"{C4609419-C11E-4CE6-B369-F3F8A7DDD94C}" = Hallmark Card Studio 2009
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{c623c967-f430-49f8-bc6d-a0803dcbf984}" = Nero 9 Essentials
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4CFC5F3-481C-40AA-9944-E7E4E732136C}" = Microsoft IntelliType Pro 8.0
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB64B248-2E30-3948-DB5C-6FB44E282789}" = Overhead Door Configurator
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E552C39C-C70E-464F-9733-8311331BDD90}" = Autodesk Inventor Fusion plug-in language pack for AutoCAD 2012
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EAB3AC1A-68FF-486B-9C6B-E48EBB4B05CC}" = Autodesk Inventor Fusion plug-in for AutoCAD 2012
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF0DD8B7-471C-463B-A298-6066C2FABAF5}" = File Viewer Utility 1.2
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FBDBC490-089D-4476-BF72-1F7A6368200A}" = Pure Networks Platform
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2012
"{FFF7F80F-929E-497F-A112-B070DE816128}" = Autodesk Inventor Fusion 2012 Language Pack
"1381-5408-0515-7060" = RAIDar 4.3.4
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.3.1 Professional
"Adobe Acrobat 8 Professional_831" = Adobe Acrobat 8.3.1 - CPSID_83708
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3675c95c239b992d5d0ee8fce969b9e" = Adobe After Effects CS3 Third Party Content
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"Allway Sync_is1" = Allway Sync version 12.1.1
"AutoCAD 2012 - English" = AutoCAD 2012 - English
"AutoCAD 2012 - English SP1" = AutoCAD 2012 - English SP1
"Autodesk Inventor Fusion 2012" = Autodesk Inventor Fusion 2012
"Autodesk Inventor Fusion 2012 SP2" = Autodesk Inventor Fusion 2012 SP2
"Autodesk Inventor Fusion plug-in for AutoCAD 2012" = Autodesk Inventor Fusion plug-in for AutoCAD 2012
"Brain Fitness" = Brain Fitness
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"converter3df 1_is1" = converter3df
"Cookie Jar" = Cookie Jar
"Creative PD1130" = Creative WebCam NX Pro Driver (1.03.03.0326)
"d6b74f60-2e9d-4c60-a8b7-b7d737c44ad4_is1" = TrayStatus 1.2.3
"Dfx Essentials" = Dfx Essentials
"DriverFinder" = DriverFinder
"EGREEN" = ASUS E-Green Uninstall
"E-Hammer1.0.0" = E-Hammer
"F0D6F43C6D0793421B9187C6B7D03CDB39625C46" = Windows Driver Package - Realtek (RTL8167) Net (11/23/2011 7.050.1123.2011)
"Family Tree Maker 2010" = Family Tree Maker 2010
"FileZilla Client" = FileZilla Client 3.3.1
"FreeFileViewer_is1" = Free File Viewer 2012
"GameSpy Arcade" = GameSpy Arcade
"HP Wireless Elite Desktop_is1" = HP Wireless Elite Desktop
"InstallShield_{0363C7DA-291C-454E-A318-570D4FC0A040}" = HGTV Ultimate Home Design with Landscaping & Decks
"InstallShield_{03CDDD00-BD57-4326-9480-4C74449AF597}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{093625E3-7B87-49D3-AA53-AD0FCFABAF49}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}" = Canon Utilities RemoteCapture 2.7
"InstallShield_{EF0DD8B7-471C-463B-A298-6066C2FABAF5}" = Canon Utilities File Viewer Utility 1.2
"Linksys EasyLink Advisor" = Linksys EasyLink Advisor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Money2006b" = Microsoft Money 2006
"MotoHelper" = MotoHelper 2.1.32 Driver 5.4.0
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Pdf995" = Pdf995
"PdfEdit995" = PdfEdit995
"PhotoRecord" = Canon PhotoRecord
"PROPLUS" = Microsoft Office Professional Plus 2007
"renoworks.configurators.OHD.9053907FED92C623A3F2791C32BD26ACC048CEAF.1" = Overhead Door Configurator
"Revo Uninstaller" = Revo Uninstaller 1.93
"Sandboxie" = Sandboxie 3.74 (32-bit)
"Signature995" = Signature99574 (32-BIT
"StarLancer 1.0" = Microsoft StarLancer
"Steam App 320" = Half-Life 2: Deathmatch
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-bit)
"WinZip" = WinZip
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-844803567-2663946769-357207313-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/13/2011 2:04:25 AM | Computer Name = HP_Pavilian | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\PDF995\res\drivedir\copy64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/13/2011 2:05:55 AM | Computer Name = HP_Pavilian | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 11/13/2011 6:02:51 PM | Computer Name = HP_Pavilian | Source = Bonjour Service | ID = 100
Description = ERROR: mDNSPlatformReadTCP - recv: 10053

Error - 11/13/2011 6:02:51 PM | Computer Name = HP_Pavilian | Source = Bonjour Service | ID = 100
Description = 452: ERROR: read_msg errno 0 (The operation completed successfully.)

Error - 11/13/2011 6:04:54 PM | Computer Name = HP_Pavilian | Source = UmxAgent | ID = 99
Description =

Error - 11/13/2011 9:37:21 PM | Computer Name = HP_Pavilian | Source = UmxAgent | ID = 99
Description =

Error - 11/16/2011 2:38:15 AM | Computer Name = HP_Pavilian | Source = UmxAgent | ID = 99
Description =

Error - 11/16/2011 3:09:29 AM | Computer Name = HP_Pavilian | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\PDF995\pdf995_old\res\drivedir\copy64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/16/2011 3:09:31 AM | Computer Name = HP_Pavilian | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\PDF995\res\drivedir\copy64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/16/2011 3:11:01 AM | Computer Name = HP_Pavilian | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

[ Media Center Events ]
Error - 8/27/2011 10:44:09 PM | Computer Name = HP_Pavilian | Source = MCUpdate | ID = 0
Description = 7:44:09 PM - Error connecting to the internet. 7:44:09 PM - Unable
to contact server..

Error - 8/27/2011 10:44:16 PM | Computer Name = HP_Pavilian | Source = MCUpdate | ID = 0
Description = 7:44:14 PM - Error connecting to the internet. 7:44:14 PM - Unable
to contact server..

Error - 8/28/2011 6:24:04 PM | Computer Name = HP_Pavilian | Source = MCUpdate | ID = 0
Description = 3:24:04 PM - Error connecting to the internet. 3:24:04 PM - Unable
to contact server..

Error - 8/28/2011 6:24:20 PM | Computer Name = HP_Pavilian | Source = MCUpdate | ID = 0
Description = 3:24:09 PM - Error connecting to the internet. 3:24:09 PM - Unable
to contact server..

Error - 8/28/2011 10:18:11 PM | Computer Name = HP_Pavilian | Source = MCUpdate | ID = 0
Description = 7:18:11 PM - Error connecting to the internet. 7:18:11 PM - Unable
to contact server..

Error - 8/28/2011 10:18:21 PM | Computer Name = HP_Pavilian | Source = MCUpdate | ID = 0
Description = 7:18:16 PM - Error connecting to the internet. 7:18:16 PM - Unable
to contact server..

Error - 8/30/2011 9:16:57 PM | Computer Name = HP_Pavilian | Source = MCUpdate | ID = 0
Description = 6:16:57 PM - Error connecting to the internet. 6:16:57 PM - Unable
to contact server..

Error - 8/30/2011 9:17:08 PM | Computer Name = HP_Pavilian | Source = MCUpdate | ID = 0
Description = 6:17:03 PM - Error connecting to the internet. 6:17:03 PM - Unable
to contact server..

Error - 9/2/2011 10:40:24 PM | Computer Name = HP_Pavilian | Source = MCUpdate | ID = 0
Description = 7:40:24 PM - Error connecting to the internet. 7:40:24 PM - Unable
to contact server..

Error - 9/2/2011 10:40:34 PM | Computer Name = HP_Pavilian | Source = MCUpdate | ID = 0
Description = 7:40:29 PM - Error connecting to the internet. 7:40:29 PM - Unable
to contact server..

[ OSession Events ]
Error - 6/22/2011 3:46:50 AM | Computer Name = HP_Pavilian | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 737
seconds with 60 seconds of active time. This session ended with a crash.

Error - 8/23/2012 7:42:48 PM | Computer Name = Desktop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 134
seconds with 120 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/23/2012 11:04:45 PM | Computer Name = Desktop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:31:29 PM on ?9/?23/?2012 was unexpected.

Error - 9/23/2012 11:04:50 PM | Computer Name = Desktop | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
discache spldr Wanarpv6

Error - 9/23/2012 11:04:56 PM | Computer Name = Desktop | Source = DCOM | ID = 10005
Description =

Error - 9/23/2012 11:05:01 PM | Computer Name = Desktop | Source = DCOM | ID = 10005
Description =

Error - 9/23/2012 11:05:05 PM | Computer Name = Desktop | Source = DCOM | ID = 10005
Description =

Error - 9/23/2012 11:05:15 PM | Computer Name = Desktop | Source = DCOM | ID = 10005
Description =

Error - 9/23/2012 11:05:15 PM | Computer Name = Desktop | Source = DCOM | ID = 10005
Description =

Error - 9/23/2012 11:36:35 PM | Computer Name = Desktop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:09:38 PM on ?9/?23/?2012 was unexpected.

Error - 9/23/2012 11:37:01 PM | Computer Name = Desktop | Source = Service Control Manager | ID = 7034
Description = The Linksys Updater service terminated unexpectedly. It has done
this 1 time(s).

Error - 9/24/2012 12:40:00 PM | Computer Name = Desktop | Source = Service Control Manager | ID = 7034
Description = The Linksys Updater service terminated unexpectedly. It has done
this 1 time(s).


< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    IE - HKU\.DEFAULT\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
    IE - HKU\S-1-5-21-844803567-2663946769-357207313-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>;192.168.*.*
    FF - prefs.js..extensions.enabledAddons: ieurwbofrk@ieurwbofrk.org:2.5
    [2009/07/13 16:11:12 | 000,004,804 | ---- | M] () (No name found) -- C:\Users\HP_Owner\AppData\Roaming\mozilla\firefox\profiles\0l621xpy.default\extensions\ieurwbofrk@ieurwbofrk.org.xpi
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Total Defense Anti-Phishing Toolbar Helper) - {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\toolbar\caIEToolbar.dll File not found
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
    O3 - HKLM\..\Toolbar: (Total Defense Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\toolbar\caIEToolbar.dll File not found
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Total Defense Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\toolbar\caIEToolbar.dll File not found
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Total Defense Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\toolbar\caIEToolbar.dll File not found
    O3 - HKU\S-1-5-21-844803567-2663946769-357207313-1001\..\Toolbar\WebBrowser: (Total Defense Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\toolbar\caIEToolbar.dll File not found
    O4 - HKU\S-1-5-21-844803567-2663946769-357207313-1001..\Run: [AdobeBridge] File not found
    O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe -update activex File not found
    O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe -update activex File not found
    O15 - HKU\S-1-5-21-844803567-2663946769-357207313-1001\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O33 - MountPoints2\{49a28cfe-6251-11e1-990b-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{49a28cfe-6251-11e1-990b-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe
    O33 - MountPoints2\{49a28cfe-6251-11e1-990b-806e6f6e6963}\Shell\configure\command - "" = Autorun.exe.EXE
    O33 - MountPoints2\{49a28cfe-6251-11e1-990b-806e6f6e6963}\Shell\install\command - "" = Autorun.exe.EXE
    O33 - MountPoints2\{b26a6a8c-0868-11df-ab48-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{b26a6a8c-0868-11df-ab48-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AUTORUN.EXE
    O33 - MountPoints2\{b2cc4cc4-e189-11e1-aa19-00270e08c22c}\Shell - "" = AutoRun
    O33 - MountPoints2\{b2cc4cc4-e189-11e1-aa19-00270e08c22c}\Shell\AutoRun\command - "" = J:\setup.exe -a
    [2012/09/23 18:43:33 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/09/02 13:58:02 | 000,000,000 | ---- | C] () -- C:\Users\HP_Owner\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
    [2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
    
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
    
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
    @Alternate Data Stream - 216 bytes -> C:\ProgramData\TEMP:D282699C
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

===================================

Now it's time to install some AV program...
Install ONE of these:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
- free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php

===================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

3. Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

4. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

5. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce a log.
 
All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}\ not found.
HKU\S-1-5-21-844803567-2663946769-357207313-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: ieurwbofrk@ieurwbofrk.org:2.5 removed from extensions.enabledAddons
C:\Users\HP_Owner\AppData\Roaming\mozilla\firefox\profiles\0l621xpy.default\extensions\ieurwbofrk@ieurwbofrk.org.xpi moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45011CF5-E4A9-4F13-9093-F30A784EB9B2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45011CF5-E4A9-4F13-9093-F30A784EB9B2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0123B506-0AD9-43AA-B0CF-916C122AD4C5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0123B506-0AD9-43AA-B0CF-916C122AD4C5}\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0123B506-0AD9-43AA-B0CF-916C122AD4C5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0123B506-0AD9-43AA-B0CF-916C122AD4C5}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0123B506-0AD9-43AA-B0CF-916C122AD4C5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0123B506-0AD9-43AA-B0CF-916C122AD4C5}\ not found.
Registry value HKEY_USERS\S-1-5-21-844803567-2663946769-357207313-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0123B506-0AD9-43AA-B0CF-916C122AD4C5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0123B506-0AD9-43AA-B0CF-916C122AD4C5}\ not found.
Registry value HKEY_USERS\S-1-5-21-844803567-2663946769-357207313-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate not found.
Registry key HKEY_USERS\S-1-5-21-844803567-2663946769-357207313-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ deleted successfully.
Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
C:\ProgramData\webex\ieatgpc.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49a28cfe-6251-11e1-990b-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49a28cfe-6251-11e1-990b-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49a28cfe-6251-11e1-990b-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49a28cfe-6251-11e1-990b-806e6f6e6963}\ not found.
File D:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49a28cfe-6251-11e1-990b-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49a28cfe-6251-11e1-990b-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49a28cfe-6251-11e1-990b-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49a28cfe-6251-11e1-990b-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b26a6a8c-0868-11df-ab48-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b26a6a8c-0868-11df-ab48-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b26a6a8c-0868-11df-ab48-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b26a6a8c-0868-11df-ab48-806e6f6e6963}\ not found.
File E:\AUTORUN.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2cc4cc4-e189-11e1-aa19-00270e08c22c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2cc4cc4-e189-11e1-aa19-00270e08c22c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2cc4cc4-e189-11e1-aa19-00270e08c22c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2cc4cc4-e189-11e1-aa19-00270e08c22c}\ not found.
File J:\setup.exe -a not found.
C:\FRST\Quarantine folder moved successfully.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
C:\Users\HP_Owner\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ moved successfully.
C:\Windows\assembly\Desktop.ini moved successfully.
File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
ADS C:\ProgramData\TEMP:D282699C deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: HP_Owner
->Temp folder emptied: 89929159 bytes
->Temporary Internet Files folder emptied: 78290515 bytes
->Java cache emptied: 12162231 bytes
->FireFox cache emptied: 65358184 bytes
->Flash cache emptied: 643 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2859608 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 237.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: DefaultAppPool

User: HP_Owner
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: DefaultAppPool

User: HP_Owner
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.66.2 log created on 09252012_120429
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.0.1400
Adobe Flash Player 9 Flash Player out of Date!
Adobe Reader X (10.1.4)
Mozilla Firefox (15.0.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 19-09-2012
Ran by HP_Owner (administrator) on 25-09-2012 at 12:19:53
Running from "C:\Users\HP_Owner\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-09-16 12:50] - [2012-08-22 10:16] - 1292144 ____A (Microsoft Corporation) A5EBB8F648000E88B7D9390B514976BF
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****
 
# AdwCleaner v2.003 - Logfile created 09/25/2012 at 12:22:09
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : HP_Owner - DESKTOP
# Boot Mode : Normal
# Running from : C:\Users\HP_Owner\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
Folder Deleted : C:\ProgramData\Browser Manager
Folder Deleted : C:\Users\HP_Owner\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0
Folder Deleted : C:\Users\HP_Owner\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\HP_Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0l621xpy.default\extensions\crossriderapp2258@crossrider.com
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\I Want This
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
-\\ Mozilla Firefox v15.0.1 (en-US)
Profile name : default
File : C:\Users\HP_Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0l621xpy.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v [Unable to get version]
File : C:\Users\HP_Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[S1].txt - [2147 octets] - [25/09/2012 12:22:09]
########## EOF - C:\AdwCleaner[S1].txt - [2207 octets] ##########
 
OK - I ran the OTL with the fix, then the SecurityCheck, FSS, AdwCleaner, and TFC (no report created - but removed over 600 mb)
When I opened IE to run the ESET online scanner, Internet Explorer is taking FOREVER to load the page (any page). I have resorted to Firefox (which runs just fine) just to write this post.
 
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinAgentwu.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Users\HP_Owner\AppData\Local\Google\Chrome\User Data\Default\Default\aadddbdfgcdjdbgfdfdhdidadegegddi\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Users\HP_Owner\AppData\Local\Google\Chrome\User Data\Default\Default\aadddbdfgcdjdbgfdfdhdidadegegddi\ContentScript.js Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\2vf769jy.default\extensions\ieurwbofrk@ieurwbofrk.org.xpi JS/Redirector.NCA trojan deleted - quarantined
C:\_OTL\MovedFiles\09252012_120429\C_FRST\Quarantine\explorer.exe a variant of Win32/Patched.IA trojan deleted - quarantined
C:\_OTL\MovedFiles\09252012_120429\C_Users\HP_Owner\AppData\Roaming\mozilla\firefox\profiles\0l621xpy.default\extensions\ieurwbofrk@ieurwbofrk.org.xpi JS/Redirector.NCA trojan deleted - quarantined
 
Update Adobe Flash Player
Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

==============================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing or updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

13. Please let me know how your computer is doing.
 
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: HP_Owner
->Temp folder emptied: 110554315 bytes
->Temporary Internet Files folder emptied: 22244286 bytes
->Java cache emptied: 125041 bytes
->FireFox cache emptied: 45796625 bytes
->Flash cache emptied: 860 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 161712 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 171.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: DefaultAppPool

User: HP_Owner
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: DefaultAppPool

User: HP_Owner
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.66.2 log created on 09262012_101325

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
28 hours later - 6 with hard usage including a LOT of internet searches - and everything seems to be running great. I had to reset my Internet Explorer to get it to act normal, but the glitch when downloading a page has been cleared up.

Thank you so much for your help. I think we can close this thread.

Thank you,
A
 
Yes!!

Good luck and stay safe :)
 