virus/trojan? HELP!

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

4 Pages
1
2
3
→
Last »

You cannot start a new topic
This topic is locked

virus/trojan? HELP!

#1 jrosen19

Member

Group: Members
Posts: 28
Joined: 29-December 09

Posted 29 December 2009 - 05:59 PM

I have been trying to remove this infection on my friends computer, but I am having very little luck. When she first gave it to me it was locking up, freezing, so I went to msconfig and checked to see what was running at startup and there were like 26000 programs set to run at startup. I unchecked all, then rebooted and ran malware bytes and it showed all those files on the log(attached). I thought I was good, but then the programs started showing up to load at startup again, like thousands of programs. I unchecked all again, and this time malewarebytes didnt show anything, but there is still something going on. I have attached the DDS logs, but I could not run the rootrepeal because it said "rootreapeal does not support 64 bit OS"

Thanks in advance if anyone can help me.

Attached File(s)

DDS.txt (24.6K)
Number of downloads: 16
Attach.txt (8.51K)
Number of downloads: 13
mbam_log_2009_12_24__20_18_22_.zip (101.64K)
Number of downloads: 21

#2 Orange Blossom

OBleepin Investigator

Group: Moderator
Posts: 29,398
Joined: 14-July 06
Gender:Not Telling
Location:Bloomington, IN

Posted 08 January 2010 - 11:16 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
- DDS.scr
- DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. You can find information on A/V control HERE

Orange Blossom

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom
An ounce of prevention is worth a pound of cure
SuperAntiSpyware, SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 jrosen19

Member

Group: Members
Posts: 28
Joined: 29-December 09

Posted 10 January 2010 - 09:44 PM

I am going to get the laptop back tomorrow and I will post the new dds log at that time. Thank you

#4 jrosen19

Member

Group: Members
Posts: 28
Joined: 29-December 09

Posted 12 January 2010 - 12:20 PM

Well as indicated in my first post, this laptop appeared to be severly affected. The maleware was setting many thousands of programs at startup which was causing the computer to freeze. I disabled the programs in startup and finally got malewarebytes to work, which found and removed like 26000 problems( I attatched the log in the first post). I also ran superAntiSpyware and it also found several seperate issues. I can't find the Superantispyware log, but there are rougue programs that it flagged and they are still under quaranteen. Currently the computer seems to be running better, but there may still be some maleware present. One problem I have is that the wireless internet does not work now. The device manager says the wireless adapter is working properly, yet when I try to connect wirelessly it says "The network adapter "Atheros AR5007 802.11b/g WiFi Adapter" is experiencing driver or hardware related issues." This stopped working after running the antimaleware scans. I tried updated the driver from the HP website, but this did not work.

Another issue I have is when I try to change anything in the startup, the computer will start to automatically shut off. This has happened several times to me. The computer will keep shutting of untill I can get it started in safe mode, then hurry up and do a restart. At that point the laptop will stay on for as long as I want, but if I try to adjust the settings using msconfig-- the computer will start shutting down (when I say shutting down, I mean like as the plug was pulled with no battery, it just shuts off)

Here is the new DDS log:

DDS (Ver_09-12-01.01) - NTFSX64
Run by Brenda at 12:01:03.81 on Tue 01/12/2010
Internet Explorer: 8.0.6001.18865
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3837.2299 [GMT -5:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_5d1a7764\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_5d1a7764\AESTSr64.exe
C:\Windows\system32\agr64svc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\rundll32.exe
C:\Users\Brenda\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
uSearch Page =
uSearch Bar =
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\syswow64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files (x86)\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files (x86)\norton 360\engine\3.5.2.11\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files (x86)\norton 360\engine\3.5.2.11\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files (x86)\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn\toolbar\3.0.0988.2\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No File
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files (x86)\yontoo layers client for internet explorer\YontooIEClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files (x86)\norton 360\engine\3.5.2.11\coIEPlg.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files (x86)\msn\toolbar\3.0.0988.2\msneshellx.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No File
TB: {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No File
TB: {F215C430-0ED4-47D4-B42E-346B96923650} - No File
EB: {14528701-EB26-4DDD-BDF3-5B3A3BF85CA5} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SUPERAntiSpyware] c:\program files (x86)\superantispyware\SUPERAntiSpyware.exe
uRunOnce: [Shockwave Updater] c:\windows\syswow64\adobe\shockw~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; WOW64; FunWebProducts; GTB5; FBSMTWB; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; Media Center PC 5.0; InfoPath.2)" -"http://games.bellsouth.net/gh/Gutterball2/index.html"
uRunOnce: [FlashPlayerUpdate] c:\windows\syswow64\macromed\flash\FlashUtil10c.exe
mRun: [QlbCtrl.exe] "c:\program files (x86)\hewlett-packard\hp quick launch buttons\QlbCtrl.exe" /Start
mRun: [WirelessAssistant] c:\program files (x86)\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Search - ?p=ZJxdm172YYUS
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {14528701-EB26-4DDD-BDF3-5B3A3BF85CA5} - {14528701-EB26-4DDD-BDF3-5B3A3BF85CA5}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
Trusted Zone: bankofamerica.com
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files (x86)\yahoo!\common\Yinsthelper.dll
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {C228AEDD-FC47-11D3-AF87-D128A9381404} - hxxp://www.link-systems.com/~sdk/SDK/paste/lsiw9x.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files (x86)\norton 360\engine\3.5.2.11\CoIEPlg.dll
Notify: !SASWinLogon - c:\program files (x86)\superantispyware\SASWINLO.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files (x86)\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files (x86)\common files\lightscribe\LSRunOnce.exe"
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No File
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {F215C430-0ED4-47D4-B42E-346B96923650} - No File
EB-X64: {14528701-EB26-4DDD-BDF3-5B3A3BF85CA5} - No File
mRun-x64: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun-x64: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360x64\0305020.00b\SymEFA64.sys [2009-9-8 402992]
R1 BHDrvx64;Symantec Heuristics Driver;c:\windows\system32\drivers\n360x64\0305020.00b\BHDrvx64.sys [2009-9-8 334384]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360x64\0305020.00b\cchpx64.sys [2009-9-8 583296]
R1 IDSVia64;IDSVia64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100106.001\IDSviA64.sys [2010-1-12 466992]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt64.inf_5d1a7764\AESTSr64.exe [2008-11-5 86016]
R2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [2008-2-12 70272]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-18 23040]
R2 N360;Norton 360;c:\program files (x86)\norton 360\engine\3.5.2.11\ccSvcHst.exe [2009-9-8 117640]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-6-10 341328]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2009-8-11 1153368]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files (x86)\viewpoint\common\ViewpointService.exe [2008-11-25 24652]
R3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-10-19 89920]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-6-10 193840]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-1-24 60928]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-1-4 132656]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-4-11 125328]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\n360x64\0305020.00b\symndisv.sys [2009-9-8 56880]
S1 SASDIFSV;SASDIFSV;c:\program files (x86)\superantispyware\sasdifsv.sys [2009-12-16 9968]
S1 SASKUTIL;SASKUTIL;c:\program files (x86)\superantispyware\SASKUTIL.SYS [2009-12-16 74480]
S2 gupdate1c9f8d5c681dcb7;Google Update Service (gupdate1c9f8d5c681dcb7);c:\program files (x86)\google\update\GoogleUpdate.exe [2009-6-29 133104]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 SASENUM;SASENUM;c:\program files (x86)\superantispyware\SASENUM.SYS [2009-12-16 7408]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-01-12 16:48:45 149280 ----a-w- c:\windows\syswow64\javaws.exe
2010-01-12 16:48:44 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-01-12 16:48:44 145184 ----a-w- c:\windows\syswow64\java.exe
2010-01-04 20:15:35 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-01-04 20:15:21 0 d-----w- c:\users\brenda\appdata\roaming\SUPERAntiSpyware.com
2010-01-04 20:15:21 0 d-----w- c:\program files (x86)\SUPERAntiSpyware
2010-01-04 20:14:23 0 d-----w- c:\program files (x86)\common files\Wise Installation Wizard
2010-01-04 18:20:32 0 d-----w- c:\windows\syswow64\vi-VN
2010-01-04 18:20:32 0 d-----w- c:\windows\syswow64\eu-ES
2010-01-04 18:20:32 0 d-----w- c:\windows\syswow64\ca-ES
2010-01-04 18:20:32 0 d-----w- c:\windows\system32\eu-ES
2010-01-04 18:20:32 0 d-----w- c:\windows\system32\ca-ES
2010-01-04 18:20:31 0 d-----w- c:\windows\system32\vi-VN
2010-01-04 17:44:05 0 d-----w- c:\windows\system32\EventProviders
2010-01-01 02:18:52 0 d-----w- c:\users\brenda\appdata\roaming\hpqLog
2009-12-30 23:03:55 0 d-----w- c:\windows\system32\no-NO
2009-12-30 23:03:51 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2009-12-30 23:03:46 0 d-----w- c:\program files\Broadcom
2009-12-30 20:07:30 920064 ----a-w- c:\windows\system32\athrx.sys
2009-12-30 20:07:30 735232 ----a-w- c:\windows\syswow64\athr.sys
2009-12-30 20:07:30 6496 ----a-w- c:\windows\system32\netathrx.inf
2009-12-30 20:07:30 6483 ----a-w- c:\windows\syswow64\netathr.inf
2009-12-30 20:07:30 10844 ----a-w- c:\windows\syswow64\athrext.cat
2009-12-30 20:07:30 10834 ----a-w- c:\windows\system32\athrextx.cat
2009-12-29 03:51:17 524288 --sha-w- c:\users\brenda\ntuser.dat{43269055-f42d-11de-8ee1-de60639ac53e}.TMContainer00000000000000000002.regtrans-ms
2009-12-29 03:51:16 65536 --sha-w- c:\users\brenda\ntuser.dat{43269055-f42d-11de-8ee1-de60639ac53e}.TM.blf
2009-12-29 03:51:16 524288 --sha-w- c:\users\brenda\ntuser.dat{43269055-f42d-11de-8ee1-de60639ac53e}.TMContainer00000000000000000001.regtrans-ms
2009-12-29 03:44:44 65536 --sha-w- c:\users\brenda\ntuser.dat{4a9969d5-f42c-11de-80cb-dfd05928992b}.TM.blf
2009-12-29 03:44:44 524288 --sha-w- c:\users\brenda\ntuser.dat{4a9969d5-f42c-11de-80cb-dfd05928992b}.TMContainer00000000000000000002.regtrans-ms
2009-12-29 03:44:44 524288 --sha-w- c:\users\brenda\ntuser.dat{4a9969d5-f42c-11de-80cb-dfd05928992b}.TMContainer00000000000000000001.regtrans-ms
2009-12-29 03:43:51 349057011 ----a-w- c:\windows\MEMORY.DMP
2009-12-29 03:38:30 65536 --sha-w- c:\users\brenda\ntuser.dat{6d774e55-f42b-11de-9bcd-a0c28dc2a622}.TM.blf
2009-12-29 03:38:30 524288 --sha-w- c:\users\brenda\ntuser.dat{6d774e55-f42b-11de-9bcd-a0c28dc2a622}.TMContainer00000000000000000002.regtrans-ms
2009-12-29 03:38:30 524288 --sha-w- c:\users\brenda\ntuser.dat{6d774e55-f42b-11de-9bcd-a0c28dc2a622}.TMContainer00000000000000000001.regtrans-ms
2009-12-28 21:15:41 0 d-----w- C:\N360_BACKUP
2009-12-28 02:40:22 0 d-----w- C:\Netgear
2009-12-27 02:13:18 9681 ----a-w- c:\windows\syswow64\29299zt-a5virus4dd.ocx
2009-12-26 17:04:54 5333 ----a-w- c:\windows\syswow64\15778not-a-v5zu93e9.ocx
2009-12-26 11:34:47 5735 ----a-w- c:\windows\syswow64\24806s9y7z05.dll
2009-12-25 04:50:13 12189 ----a-w- c:\windows\syswow64\219worz915.ocx
2009-12-24 19:46:18 0 d-----w- c:\users\brenda\appdata\roaming\Malwarebytes
2009-12-24 19:46:12 0 d-----w- c:\programdata\Malwarebytes
2009-12-24 19:46:11 22104 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-24 19:46:10 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2009-12-24 08:11:51 40448 ----a-w- c:\windows\syswow64\00032290.exe
2009-12-24 08:11:50 40448 ----a-w- c:\windows\syswow64\00031f7b.exe
2009-12-24 08:11:50 40448 ----a-w- c:\windows\syswow64\00031e5c.exe
2009-12-24 08:11:50 40448 ----a-w- c:\windows\syswow64\000319ad.exe
2009-12-24 08:11:50 40448 ----a-w- c:\windows\syswow64\0003190c.exe
2009-12-24 08:11:50 40448 ----a-w- c:\windows\syswow64\0003164a.exe
2009-12-24 08:11:49 40448 ----a-w- c:\windows\syswow64\00031bfa.exe
2009-12-24 08:11:49 40448 ----a-w- c:\windows\syswow64\0003146d.exe
2009-12-24 08:11:49 40448 ----a-w- c:\windows\syswow64\0003142d.exe
2009-12-24 08:11:48 40448 ----a-w- c:\windows\syswow64\00031a00.exe
2009-12-24 08:11:48 40448 ----a-w- c:\windows\syswow64\000313ec.exe
2009-12-24 08:11:48 40448 ----a-w- c:\windows\syswow64\00030e72.exe
2009-12-24 08:06:43 0 d-----w- c:\windows\pss
2009-12-23 04:08:05 12350 ----a-w- c:\windows\syswow64\56b6downzoade95167.ocx
2009-12-22 20:08:01 15860 ----a-w- c:\windows\syswow64\z74b9ir5460.exe
2009-12-22 18:21:20 10738 ----a-w- c:\windows\syswow64\8514s9yz4e.cpl
2009-12-22 11:32:05 10705 ----a-w- c:\windows\syswow64\7e47spywzr91455.cpl
2009-12-22 09:40:24 10741 ----a-w- c:\windows\syswow64\28829sz95bot43c.ocx
2009-12-22 00:11:46 13406 ----a-w- c:\windows\syswow64\226905iruz1f2.ocx
2009-12-19 04:23:02 4554 ----a-w- c:\windows\syswow64\4bb9viz15345.cpl
2009-12-18 22:32:47 709336 ----a-w- c:\windows\syswow64\PerfStringBackup.INI
2009-12-18 21:16:57 13 ----a-w- c:\windows\popcinfo.dat
2009-12-17 16:54:26 6140 ----a-w- c:\windows\syswow64\13651t9ojzac.exe
2009-12-15 12:25:04 0 d-----w- c:\users\brenda\appdata\roaming\Playrix Entertainment

==================== Find3M ====================

2010-01-04 18:29:09 86016 ----a-w- c:\windows\inf\infstor.dat
2010-01-04 18:29:09 51200 ----a-w- c:\windows\inf\infpub.dat
2010-01-04 18:29:09 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-01-04 18:20:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-01-04 18:03:55 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-12-07 12:57:04 5144 ----a-w- c:\windows\syswow64\25099n5t-a-vzrus193.bin
2009-12-05 21:50:17 185920 ----a-w- c:\windows\syswow64\rmoc3260.dll
2009-12-05 21:50:10 6656 ----a-w- c:\windows\syswow64\pndx5016.dll
2009-12-05 21:50:10 5632 ----a-w- c:\windows\syswow64\pndx5032.dll
2009-12-05 21:49:56 278528 ----a-w- c:\windows\syswow64\pncrt.dll
2009-12-03 12:57:11 9804 ----a-w- c:\windows\syswow64\2c54threzt159.bin
2009-11-27 06:12:00 3280 ----a-w- c:\windows\syswow64\75z9ste5l2158.dll
2009-11-25 19:17:40 5599 ----a-w- c:\windows\syswow64\29629pamzot6085.dll
2009-11-24 16:07:23 14169 ----a-w- c:\windows\syswow64\14119worz595.dll
2009-11-21 06:52:02 1147904 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:46:36 77312 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:46:36 132096 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 06:40:20 916480 ----a-w- c:\windows\syswow64\wininet.dll
2009-11-21 06:40:03 1208832 ----a-w- c:\windows\syswow64\urlmon.dll
2009-11-21 06:38:17 206848 ----a-w- c:\windows\syswow64\occache.dll
2009-11-21 06:35:43 5940736 ----a-w- c:\windows\syswow64\mshtml.dll
2009-11-21 06:35:38 594432 ----a-w- c:\windows\syswow64\msfeeds.dll
2009-11-21 06:35:38 55296 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2009-11-21 06:34:58 25600 ----a-w- c:\windows\syswow64\jsproxy.dll
2009-11-21 06:34:39 71680 ----a-w- c:\windows\syswow64\iesetup.dll
2009-11-21 06:34:39 1985536 ----a-w- c:\windows\syswow64\iertutil.dll
2009-11-21 06:34:39 164352 ----a-w- c:\windows\syswow64\ieui.dll
2009-11-21 06:34:39 109056 ----a-w- c:\windows\syswow64\iesysprep.dll
2009-11-21 06:34:38 55808 ----a-w- c:\windows\syswow64\iernonce.dll
2009-11-21 06:34:38 184320 ----a-w- c:\windows\syswow64\iepeers.dll
2009-11-21 06:34:38 11069952 ----a-w- c:\windows\syswow64\ieframe.dll
2009-11-21 06:34:33 387584 ----a-w- c:\windows\syswow64\iedkcs32.dll
2009-11-21 05:07:24 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-21 04:59:58 133632 ----a-w- c:\windows\syswow64\ieUnatt.exe
2009-11-21 04:59:52 173056 ----a-w- c:\windows\syswow64\ie4uinit.exe
2009-11-21 04:59:14 13312 ----a-w- c:\windows\syswow64\msfeedssync.exe
2009-11-19 21:30:46 15177 ----a-w- c:\windows\syswow64\8855pam9ztda.dll
2009-11-17 05:49:50 3451 ----a-w- c:\windows\syswow64\2e53sparse24z95.bin
2009-11-15 00:41:24 3213 ----a-w- c:\windows\syswow64\60d8szarse9915.bin
2009-11-11 07:29:16 12782 ----a-w- c:\windows\syswow64\59z95ir33.exe
2009-11-10 00:51:30 7078 ----a-w- c:\windows\syswow64\8337trojza59.bin
2009-11-09 13:01:54 32768 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:59:52 33792 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 12:31:42 24064 ----a-w- c:\windows\syswow64\nshhttp.dll
2009-11-09 12:30:03 30720 ----a-w- c:\windows\syswow64\httpapi.dll
2009-10-30 21:31:08 38 ----a-w- c:\users\brenda\jagex_runescape_preferences.dat
2009-10-30 21:31:01 63 ----a-w- c:\users\brenda\jagex_runescape_preferences2.dat
2009-10-30 00:29:08 2146304 ----a-w- c:\windows\syswow64\GPhotos.scr
2009-10-29 09:36:50 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-29 09:17:42 2048 ----a-w- c:\windows\syswow64\tzres.dll
2009-10-23 18:37:15 4096 ----a-w- c:\windows\d3dx.dat
2009-10-23 17:11:53 10934 ----a-w- c:\windows\syswow64\7934steaz596.dll
2009-10-18 15:11:30 9793 ----a-w- c:\windows\syswow64\2a325iz2497.bin
2009-10-17 17:53:33 14743 ----a-w- c:\windows\syswow64\435fvi93z50.dll
2009-10-17 09:12:17 5818 ----a-w- c:\windows\syswow64\29673notza-virus2b95.dll
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-11-06 05:23:27 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 12:03:10.22 ===============

Attached File(s)

Attach_1_12_10.txt (6.9K)
Number of downloads: 7

#5 myrti

bleepin' _temp_

Group: Malware Response Instructor
Posts: 26,080
Joined: 25-January 08
Gender:Female
Location:At home

Posted 12 January 2010 - 02:25 PM

Hello and welcome from me as well!

Please have a scan with Malwarebytes to remove the rogues:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

On the Scanner tab:

Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

Afterwards We need to create an OTL Report

Please download OTL from one of the following mirrors:
- This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
- OTListIt.txt <-- Will be opened
- Extra.txt <-- Will be minimized

regards myrti

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!

Please don't send help request via PM, unless I am already helping you. Use the forums!

I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. ~ Albert Einstein
Heroism on command, senseless violence, and all the loathsome nonsense that goes by the name of patriotism -- how passionately I hate them! ~ Albert Einstein

#6 jrosen19

Member

Group: Members
Posts: 28
Joined: 29-December 09

Posted 12 January 2010 - 03:18 PM

mbam log:

Malwarebytes' Anti-Malware 1.44
Database version: 3550
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

1/12/2010 3:17:01 PM
mbam-log-2010-01-12 (15-17-01).txt

Scan type: Quick Scan
Objects scanned: 98260
Time elapsed: 14 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Adware.Ecobar) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I will now be getting OTL report.

#7 jrosen19

Member

Group: Members
Posts: 28
Joined: 29-December 09

Posted 12 January 2010 - 03:33 PM

OTL report:

OTL logfile created on: 1/12/2010 3:20:01 PM - Run 1
OTL by OldTimer - Version 3.1.24.0 Folder = C:\Users\Brenda\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.24 Gb Total Space | 224.48 Gb Free Space | 78.15% Space Free | Partition Type: NTFS
Drive D: | 10.85 Gb Total Space | 1.83 Gb Free Space | 16.87% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAVA
Current User Name: Brenda
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/12 15:19:13 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Users\Brenda\Desktop\OTL.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2009/08/22 03:26:07 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
PRC - [2009/07/01 15:44:34 | 00,632,888 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2009/04/30 15:58:44 | 00,229,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
PRC - [2009/01/26 14:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/23 21:54:44 | 00,244,904 | R--- | M] () -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
PRC - [2008/05/15 00:56:58 | 00,116,112 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
PRC - [2008/05/15 00:56:54 | 00,292,248 | ---- | M] () -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
PRC - [2008/04/03 13:33:26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
PRC - [2008/03/26 17:26:56 | 00,341,328 | ---- | M] () -- C:\Windows\SMINST\BLService.exe
PRC - [2008/03/14 10:45:10 | 00,202,032 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2008/02/26 17:13:22 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe

========== Modules (SafeList) ==========

MOD - [2010/01/12 15:19:13 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Users\Brenda\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/04/11 02:11:13 | 00,053,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bthserv.dll -- (BthServ)
SRV:64bit: - [2008/05/08 17:13:28 | 00,874,496 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/04/15 13:18:44 | 00,246,272 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_5d1a7764\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/03/18 19:25:40 | 00,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/02/12 15:05:54 | 00,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_5d1a7764\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/01/20 21:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/11 15:11:30 | 00,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV - [2009/11/13 15:13:04 | 00,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/08/22 03:26:07 | 00,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\3.5.2.11\ccSvcHst.exe -- (N360)
SRV - [2009/06/29 11:22:08 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdate1c9f8d5c681dcb7) Google Update Service (gupdate1c9f8d5c681dcb7)
SRV - [2009/06/29 11:21:32 | 00,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/04/30 15:58:44 | 00,229,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2009/03/29 23:39:54 | 00,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/01/26 14:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/10/25 10:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/10/23 21:54:44 | 00,244,904 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2008/05/15 00:56:58 | 00,116,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe -- (QPSched) QuickPlay Task Scheduler (QTS)
SRV - [2008/05/15 00:56:54 | 00,292,248 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -- (QPCapSvc) QuickPlay Background Capture Service (QBCS)
SRV - [2008/04/15 15:40:10 | 00,094,208 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/04/03 13:33:26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx)
SRV - [2008/03/26 17:26:56 | 00,341,328 | ---- | M] () [Auto | Running] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/02/26 17:13:22 | 00,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/02 08:34:14 | 00,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 01:35:15 | 00,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 01:35:15 | 00,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2004/10/22 05:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/08/22 03:26:08 | 00,583,296 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\0305020.00B\ccHPx64.sys -- (ccHP)
DRV:64bit: - [2009/08/22 03:26:08 | 00,476,720 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\0305020.00B\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2009/08/22 03:26:08 | 00,402,992 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0305020.00B\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2009/08/22 03:26:08 | 00,334,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\0305020.00B\BHDrvx64.sys -- (BHDrvx64)
DRV:64bit: - [2009/08/22 03:26:08 | 00,278,576 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\0305020.00B\SYMTDI.SYS -- (SYMTDI)
DRV:64bit: - [2009/08/22 03:26:08 | 00,120,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\0305020.00B\SYMFW.SYS -- (SYMFW)
DRV:64bit: - [2009/08/22 03:26:08 | 00,056,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\0305020.00B\SYMNDISV.SYS -- (SYMNDISV)
DRV:64bit: - [2009/08/22 03:26:08 | 00,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0305020.00B\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2009/08/20 08:35:52 | 00,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2009/08/20 08:35:26 | 00,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/08/18 14:21:16 | 00,031,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\SymIMv.sys -- (SymIM)
DRV:64bit: - [2009/04/11 00:39:51 | 00,275,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2008/06/09 22:46:07 | 00,694,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BTHport.sys -- (BTHPORT)
DRV:64bit: - [2008/06/09 22:46:07 | 00,178,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\rfcomm.sys -- (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI)
DRV:64bit: - [2008/06/09 22:46:07 | 00,035,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BTHUSB.sys -- (BTHUSB)
DRV:64bit: - [2008/06/09 22:46:07 | 00,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\BthEnum.sys -- (BthEnum)
DRV:64bit: - [2008/05/08 20:02:12 | 04,262,400 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/04/28 04:25:06 | 00,016,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV:64bit: - [2008/04/27 14:09:18 | 01,133,568 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008/04/15 13:19:56 | 00,453,120 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/04/11 12:56:28 | 00,125,328 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/03/27 15:10:56 | 00,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 15:10:14 | 00,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/02/29 18:59:32 | 01,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/02/14 09:56:14 | 00,160,768 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/02/12 11:14:50 | 00,070,272 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2008/01/24 08:24:24 | 00,060,928 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/01/20 21:47:28 | 00,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 21:47:27 | 00,168,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
DRV:64bit: - [2008/01/20 21:47:02 | 00,115,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bthpan.sys -- (BthPan) Bluetooth Device (Personal Area Network)
DRV:64bit: - [2008/01/20 21:46:57 | 01,523,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV)
DRV:64bit: - [2008/01/20 21:46:57 | 00,724,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2008/01/20 21:46:57 | 00,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2008/01/20 21:46:55 | 00,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/20 21:46:51 | 00,017,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2008/01/18 06:31:30 | 00,320,560 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/09/11 14:40:34 | 00,053,632 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\akshasp.sys -- (akshasp)
DRV:64bit: - [2007/09/11 14:40:34 | 00,018,688 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\aksusb.sys -- (aksusb)
DRV:64bit: - [2007/06/18 19:13:12 | 00,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2006/10/09 21:09:03 | 00,742,696 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys -- (NVENETFD)
DRV:64bit: - [2006/10/06 21:13:22 | 00,550,912 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)
DRV - [2009/12/29 05:55:54 | 01,742,896 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100112.005\EX64.SYS -- (NAVEX15)
DRV - [2009/12/29 05:55:54 | 00,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/12/29 05:55:54 | 00,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/12/29 05:55:54 | 00,116,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100112.005\ENG64.SYS -- (NAVENG)
DRV - [2009/12/16 16:27:00 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/16 16:26:58 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/16 16:26:56 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/11/05 01:30:40 | 00,466,992 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/01/20 17:57:14 | 00,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\Haspnt.sys -- (Haspnt)
DRV - [2007/05/30 15:40:42 | 00,735,232 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\athr.sys -- (athr)
DRV - [2006/09/18 16:36:40 | 00,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 16:35:23 | 00,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2001/03/12 21:46:12 | 00,073,216 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\Drivers\SENTINEL.SYS -- (Sentinel)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-604219708-840033-878688825-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKU\S-1-5-21-604219708-840033-878688825-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-604219708-840033-878688825-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-604219708-840033-878688825-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-604219708-840033-878688825-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-604219708-840033-878688825-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-604219708-840033-878688825-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-604219708-840033-878688825-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-604219708-840033-878688825-1000\S-1-5-21-604219708-840033-878688825-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Ask"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.2
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/06/10 01:56:28 | 00,000,000 | ---D | M]

[2009/07/12 19:42:57 | 00,000,000 | ---D | M] -- C:\Users\Brenda\AppData\Roaming\Mozilla\Extensions
[2009/12/25 13:42:36 | 00,000,000 | ---D | M] -- C:\Users\Brenda\AppData\Roaming\Mozilla\Firefox\Profiles\4c9ghk5u.default\extensions
[2009/07/01 19:21:24 | 00,000,718 | ---- | M] () -- C:\Users\Brenda\AppData\Roaming\Mozilla\Firefox\Profiles\4c9ghk5u.default\searchplugins\ask.xml
[2009/08/11 13:00:54 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/04/30 17:24:07 | 00,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

O1 HOSTS File: (350680 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 12023 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\3.5.2.11\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found.
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll (Yontoo Technology, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-604219708-840033-878688825-1000\..\Toolbar\WebBrowser: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
O3 - HKU\S-1-5-21-604219708-840033-878688825-1000\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKU\S-1-5-21-604219708-840033-878688825-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ( Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-604219708-840033-878688825-1000..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-604219708-840033-878688825-1000..\RunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -Mozilla\4.0 ( File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Recipe Feeder - {14528701-EB26-4DDD-BDF3-5B3A3BF85CA5} - Reg Error: Key error. File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-604219708-840033-878688825-1000\..Trusted Domains: bankofamerica.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-604219708-840033-878688825-1000\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-604219708-840033-878688825-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C228AEDD-FC47-11D3-AF87-D128A9381404} http://www.link-systems.com/~sdk/SDK/paste/lsiw9x.cab (LSICapture Control)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Brenda\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Brenda\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a1b1856c-bd6f-11dd-894c-001eecf15b35}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O33 - MountPoints2\{a1b1857c-bd6f-11dd-894c-001eecf15b35}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/12 15:19:09 | 00,544,256 | ---- | C] (OldTimer Tools) -- C:\Users\Brenda\Desktop\OTL.exe
[2010/01/12 14:59:57 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/01/12 14:57:05 | 05,115,832 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Brenda\Desktop\mbam-setup.exe
[2010/01/12 11:48:45 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/01/12 11:48:44 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/01/12 11:48:44 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/01/04 18:08:43 | 00,000,000 | ---D | C] -- C:\Users\Brenda\Desktop\Justin
[2010/01/04 15:15:35 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/01/04 15:15:21 | 00,000,000 | ---D | C] -- C:\Users\Brenda\AppData\Roaming\SUPERAntiSpyware.com
[2010/01/04 15:15:21 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2010/01/04 15:14:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010/01/04 13:20:32 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\vi-VN
[2010/01/04 13:20:32 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\eu-ES
[2010/01/04 13:20:32 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\eu-ES
[2010/01/04 13:20:32 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\ca-ES
[2010/01/04 13:20:32 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\ca-ES
[2010/01/04 13:20:31 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\vi-VN
[2010/01/04 12:44:05 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2010/01/03 19:23:06 | 00,000,000 | ---D | C] -- C:\Users\Brenda\AppData\Local\Apple
[2009/12/31 21:18:52 | 00,000,000 | ---D | C] -- C:\Users\Brenda\AppData\Roaming\hpqLog
[2009/12/30 18:03:55 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\no-NO
[2009/12/30 18:03:46 | 00,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2009/12/30 15:07:30 | 00,920,064 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\athrx.sys
[2009/12/30 15:07:30 | 00,735,232 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysWow64\athr.sys
[2009/12/29 17:41:59 | 00,000,000 | ---D | C] -- C:\Users\Brenda\AppData\Local\Adobe
[2009/12/29 15:23:36 | 00,000,000 | ---D | C] -- C:\Users\Brenda\AppData\Local\Runscanner.net
[2009/12/29 13:46:45 | 00,000,000 | ---D | C] -- C:\Users\Brenda\Documents\Autoruns[1]
[2009/12/28 22:46:01 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/12/28 16:15:41 | 00,000,000 | ---D | C] -- C:\N360_BACKUP
[2009/12/28 15:57:43 | 00,000,000 | ---D | C] -- C:\Users\Brenda\Documents\Symantec
[2009/12/28 15:48:45 | 00,000,000 | ---D | C] -- C:\Users\Brenda\AppData\Local\ICS
[2009/12/27 21:40:22 | 00,000,000 | ---D | C] -- C:\Netgear
[2009/12/24 14:46:18 | 00,000,000 | ---D | C] -- C:\Users\Brenda\AppData\Roaming\Malwarebytes
[2009/12/24 14:46:12 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/12/24 14:46:11 | 00,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2009/12/24 14:46:10 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/12/24 03:06:43 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009/12/17 15:37:57 | 00,000,000 | ---D | C] -- C:\Users\Brenda\Desktop\Movies
[2009/12/16 10:10:09 | 00,000,000 | ---D | C] -- C:\Users\Brenda\Documents\T&D forms
[2009/12/15 07:25:04 | 00,000,000 | ---D | C] -- C:\Users\Brenda\AppData\Roaming\Playrix Entertainment

========== Files - Modified Within 30 Days ==========

[2010/01/12 15:27:00 | 00,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F024F1ED-9C89-41A4-88CB-8895B3B6A76F}.job
[2010/01/12 15:22:47 | 08,650,752 | -HS- | M] () -- C:\Users\Brenda\ntuser.dat
[2010/01/12 15:22:00 | 00,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-604219708-840033-878688825-1000UA.job
[2010/01/12 15:19:13 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Users\Brenda\Desktop\OTL.exe
[2010/01/12 15:01:20 | 00,694,964 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/01/12 15:01:20 | 00,598,588 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/01/12 15:01:20 | 00,102,194 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/01/12 15:00:01 | 00,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/12 14:57:09 | 05,115,832 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Brenda\Desktop\mbam-setup.exe
[2010/01/12 14:56:06 | 00,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/01/12 14:53:11 | 00,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/12 14:53:05 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/12 14:53:05 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/12 14:53:05 | 00,000,440 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
[2010/01/12 14:53:00 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/12 14:52:56 | 00,415,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/01/12 14:52:43 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/12 14:52:12 | 40,242,58560 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/12 14:51:07 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/01/12 14:51:00 | 00,524,288 | -HS- | M] () -- C:\Users\Brenda\ntuser.dat{43269055-f42d-11de-8ee1-de60639ac53e}.TMContainer00000000000000000001.regtrans-ms
[2010/01/12 14:51:00 | 00,065,536 | -HS- | M] () -- C:\Users\Brenda\ntuser.dat{43269055-f42d-11de-8ee1-de60639ac53e}.TM.blf
[2010/01/12 14:50:57 | 02,896,161 | -H-- | M] () -- C:\Users\Brenda\AppData\Local\IconCache.db
[2010/01/12 14:38:45 | 00,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBrenda.job
[2010/01/12 14:38:40 | 00,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/12 11:56:49 | 00,524,288 | ---- | M] () -- C:\Users\Brenda\Desktop\dds.scr
[2010/01/11 15:32:20 | 00,052,224 | ---- | M] () -- C:\Users\Brenda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/01/07 16:07:06 | 00,022,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/01/05 03:10:09 | 00,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-604219708-840033-878688825-1000Core.job
[2010/01/04 20:48:07 | 00,000,560 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Brenda.job
[2009/12/30 18:03:39 | 00,006,656 | ---- | M] () -- C:\Windows\SysNative\bcmwlrc.dll
[2009/12/30 17:45:16 | 34,905,7011 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/12/30 15:47:52 | 00,114,904 | ---- | M] () -- C:\Users\Brenda\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/12/28 22:51:51 | 00,524,288 | -HS- | M] () -- C:\Users\Brenda\ntuser.dat{43269055-f42d-11de-8ee1-de60639ac53e}.TMContainer00000000000000000002.regtrans-ms
[2009/12/28 22:44:44 | 00,524,288 | -HS- | M] () -- C:\Users\Brenda\ntuser.dat{4a9969d5-f42c-11de-80cb-dfd05928992b}.TMContainer00000000000000000002.regtrans-ms
[2009/12/28 22:44:44 | 00,524,288 | -HS- | M] () -- C:\Users\Brenda\ntuser.dat{4a9969d5-f42c-11de-80cb-dfd05928992b}.TMContainer00000000000000000001.regtrans-ms
[2009/12/28 22:44:44 | 00,065,536 | -HS- | M] () -- C:\Users\Brenda\ntuser.dat{4a9969d5-f42c-11de-80cb-dfd05928992b}.TM.blf
[2009/12/28 22:38:30 | 00,524,288 | -HS- | M] () -- C:\Users\Brenda\ntuser.dat{6d774e55-f42b-11de-9bcd-a0c28dc2a622}.TMContainer00000000000000000002.regtrans-ms
[2009/12/28 22:38:30 | 00,524,288 | -HS- | M] () -- C:\Users\Brenda\ntuser.dat{6d774e55-f42b-11de-9bcd-a0c28dc2a622}.TMContainer00000000000000000001.regtrans-ms
[2009/12/28 22:38:30 | 00,065,536 | -HS- | M] () -- C:\Users\Brenda\ntuser.dat{6d774e55-f42b-11de-9bcd-a0c28dc2a622}.TM.blf
[2009/12/28 17:40:49 | 00,524,288 | -HS- | M] () -- C:\Users\Brenda\ntuser.dat{3e796c89-b45e-11de-8f76-001eecf15b35}.TMContainer00000000000000000001.regtrans-ms
[2009/12/28 17:40:49 | 00,065,536 | -HS- | M] () -- C:\Users\Brenda\ntuser.dat{3e796c89-b45e-11de-8f76-001eecf15b35}.TM.blf
[2009/12/26 21:13:18 | 00,009,681 | ---- | M] () -- C:\Windows\SysWow64\29299zt-a5virus4dd.ocx
[2009/12/26 12:04:54 | 00,005,333 | ---- | M] () -- C:\Windows\SysWow64\15778not-a-v5zu93e9.ocx
[2009/12/26 06:34:47 | 00,005,735 | ---- | M] () -- C:\Windows\SysWow64\24806s9y7z05.dll
[2009/12/24 23:50:13 | 00,012,189 | ---- | M] () -- C:\Windows\SysWow64\219worz915.ocx
[2009/12/24 03:10:05 | 00,000,273 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2009/12/24 02:50:19 | 00,000,680 | ---- | M] () -- C:\Users\Brenda\AppData\Local\d3d9caps.dat
[2009/12/22 23:08:05 | 00,012,350 | ---- | M] () -- C:\Windows\SysWow64\56b6downzoade95167.ocx
[2009/12/22 15:08:01 | 00,015,860 | ---- | M] () -- C:\Windows\SysWow64\z74b9ir5460.exe
[2009/12/22 13:21:20 | 00,010,738 | ---- | M] () -- C:\Windows\SysWow64\8514s9yz4e.cpl
[2009/12/22 06:32:05 | 00,010,705 | ---- | M] () -- C:\Windows\SysWow64\7e47spywzr91455.cpl
[2009/12/22 04:40:24 | 00,010,741 | ---- | M] () -- C:\Windows\SysWow64\28829sz95bot43c.ocx
[2009/12/21 19:11:46 | 00,013,406 | ---- | M] () -- C:\Windows\SysWow64\226905iruz1f2.ocx
[2009/12/18 23:23:02 | 00,004,554 | ---- | M] () -- C:\Windows\SysWow64\4bb9viz15345.cpl
[2009/12/18 17:32:47 | 00,709,336 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/12/18 16:16:57 | 00,000,013 | ---- | M] () -- C:\Windows\popcinfo.dat
[2009/12/17 15:44:30 | 00,016,990 | ---- | M] () -- C:\Windows\SysWow64\896spa5sz500.dll
[2009/12/17 15:44:30 | 00,015,626 | ---- | M] () -- C:\Windows\SysWow64\5z03spamb9tff.ocx
[2009/12/17 15:44:30 | 00,014,671 | ---- | M] () -- C:\Windows\SysWow64\992ztro5597.bin
[2009/12/17 15:44:30 | 00,013,111 | ---- | M] () -- C:\Windows\SysWow64\5z7b9ownloa5er2850.dll
[2009/12/17 15:44:30 | 00,012,448 | ---- | M] () -- C:\Windows\SysWow64\29534wzr969c.cpl
[2009/12/17 15:44:30 | 00,011,959 | ---- | M] () -- C:\Windows\SysWow64\1947s5eaz3085.exe
[2009/12/17 15:44:30 | 00,004,332 | ---- | M] () -- C:\Windows\SysWow64\2d7esz59se1345.bin
[2009/12/17 15:44:30 | 00,002,522 | ---- | M] () -- C:\Windows\SysWow64\139z4not-a-vi5us124.bin
[2009/12/17 15:44:29 | 00,004,932 | ---- | M] () -- C:\Windows\SysWow64\7599zroj24c.ocx
[2009/12/17 15:44:25 | 00,017,898 | ---- | M] () -- C:\Windows\SysWow64\66a5szyware819.cpl
[2009/12/17 15:44:25 | 00,017,788 | ---- | M] () -- C:\Windows\SysWow64\403bthre5z1965.dll
[2009/12/17 15:44:25 | 00,017,710 | ---- | M] () -- C:\Windows\SysWow64\7d95spa9se1z335.bin
[2009/12/17 15:44:25 | 00,017,025 | ---- | M] () -- C:\Windows\SysWow64\24693not-z-vi5usdb.bin
[2009/12/17 15:44:25 | 00,016,779 | ---- | M] () -- C:\Windows\SysWow64\54762vzrus39c.ocx
[2009/12/17 15:44:25 | 00,016,512 | ---- | M] () -- C:\Windows\SysWow64\951adzwar51175.bin
[2009/12/17 15:44:25 | 00,015,312 | ---- | M] () -- C:\Windows\SysWow64\197775o9m3zc.exe
[2009/12/17 15:44:25 | 00,014,601 | ---- | M] () -- C:\Windows\SysWow64\23923spy5z0.bin
[2009/12/17 15:44:25 | 00,014,393 | ---- | M] () -- C:\Windows\SysWow64\4zd5backd5or9833.dll
[2009/12/17 15:44:25 | 00,013,156 | ---- | M] () -- C:\Windows\SysWow64\3235wzr95b1.bin
[2009/12/17 15:44:25 | 00,012,582 | ---- | M] () -- C:\Windows\SysWow64\55c9ste9l557z.ocx
[2009/12/17 15:44:25 | 00,012,190 | ---- | M] () -- C:\Windows\SysWow64\4d76spyz9re23935.cpl
[2009/12/17 15:44:25 | 00,011,828 | ---- | M] () -- C:\Windows\SysWow64\3515b9ckdoor20z6.dll
[2009/12/17 15:44:25 | 00,011,015 | ---- | M] () -- C:\Windows\SysWow64\z943spambot6775.bin
[2009/12/17 15:44:25 | 00,010,989 | ---- | M] () -- C:\Windows\SysWow64\163ctzrea915299.bin
[2009/12/17 15:44:25 | 00,010,935 | ---- | M] () -- C:\Windows\SysWow64\zd17st5al697.exe
[2009/12/17 15:44:25 | 00,009,887 | ---- | M] () -- C:\Windows\SysWow64\56fv9rz995.exe
[2009/12/17 15:44:25 | 00,009,156 | ---- | M] () -- C:\Windows\SysWow64\3069ddwarz5720.ocx
[2009/12/17 15:44:25 | 00,007,818 | ---- | M] () -- C:\Windows\SysWow64\a4z5ir3297.dll
[2009/12/17 15:44:25 | 00,006,398 | ---- | M] () -- C:\Windows\SysWow64\55z99teal105.ocx
[2009/12/17 15:44:25 | 00,005,654 | ---- | M] () -- C:\Windows\SysWow64\294bdzwn5oader1129.bin
[2009/12/17 15:44:25 | 00,005,642 | ---- | M] () -- C:\Windows\SysWow64\269bba5zdoor3164.bin
[2009/12/17 15:44:25 | 00,004,592 | ---- | M] () -- C:\Windows\SysWow64\28551s9amzot19f.bin
[2009/12/17 15:44:25 | 00,004,160 | ---- | M] () -- C:\Windows\SysWow64\19z77wor5393.ocx
[2009/12/17 15:44:25 | 00,003,640 | ---- | M] () -- C:\Windows\SysWow64\2z66sp51119.dll
[2009/12/17 15:44:25 | 00,003,184 | ---- | M] () -- C:\Windows\SysWow64\zf29vi92158.exe
[2009/12/17 15:44:25 | 00,003,094 | ---- | M] () -- C:\Windows\SysWow64\21538n5tza9virus573.ocx
[2009/12/17 15:44:25 | 00,002,884 | ---- | M] () -- C:\Windows\SysWow64\15535zrojb9.dll
[2009/12/17 15:44:24 | 00,018,229 | ---- | M] () -- C:\Windows\SysWow64\cbz95ief1816.cpl
[2009/12/17 15:44:24 | 00,017,549 | ---- | M] () -- C:\Windows\SysWow64\5956thie91z92.cpl
[2009/12/17 15:44:24 | 00,016,891 | ---- | M] () -- C:\Windows\SysWow64\18z53not-a-5i9us7a8.cpl
[2009/12/17 15:44:24 | 00,015,961 | ---- | M] () -- C:\Windows\SysWow64\z1951wo5mb6.exe
[2009/12/17 15:44:24 | 00,015,408 | ---- | M] () -- C:\Windows\SysWow64\7fezs9yware765.cpl
[2009/12/17 15:44:24 | 00,014,604 | ---- | M] () -- C:\Windows\SysWow64\51d9downloader15z1.bin
[2009/12/17 15:44:24 | 00,014,549 | ---- | M] () -- C:\Windows\SysWow64\5d6zdo9nloader2705.cpl
[2009/12/17 15:44:24 | 00,014,083 | ---- | M] () -- C:\Windows\SysWow64\3954zro95ee.cpl
[2009/12/17 15:44:24 | 00,008,824 | ---- | M] () -- C:\Windows\SysWow64\59085zy546.exe
[2009/12/17 15:44:24 | 00,008,245 | ---- | M] () -- C:\Windows\SysWow64\5z19spy215.ocx
[2009/12/17 15:44:24 | 00,006,996 | ---- | M] () -- C:\Windows\SysWow64\8bzs9ar5e2011.exe
[2009/12/17 15:44:24 | 00,006,714 | ---- | M] () -- C:\Windows\SysWow64\7957s9y2z95.exe
[2009/12/17 15:44:24 | 00,004,336 | ---- | M] () -- C:\Windows\SysWow64\204spambot15z9.dll
[2009/12/17 15:44:24 | 00,004,334 | ---- | M] () -- C:\Windows\SysWow64\2z9faddware2565.bin
[2009/12/17 15:44:24 | 00,003,426 | ---- | M] () -- C:\Windows\SysWow64\93bbzir2555.bin
[2009/12/17 15:44:23 | 00,009,399 | ---- | M] () -- C:\Windows\SysWow64\760zspam9ot53e.cpl
[2009/12/17 15:44:23 | 00,004,294 | ---- | M] () -- C:\Windows\SysWow64\z2369py115.ocx
[2009/12/17 15:44:23 | 00,003,129 | ---- | M] () -- C:\Windows\SysWow64\56fbthi9fz1275.dll
[2009/12/17 15:44:23 | 00,002,959 | ---- | M] () -- C:\Windows\SysWow64\3095t5o9z09.exe
[2009/12/17 15:43:47 | 00,040,448 | ---- | M] () -- C:\Windows\SysWow64\00032290.exe
[2009/12/17 15:43:47 | 00,040,448 | ---- | M] () -- C:\Windows\SysWow64\00031f7b.exe
[2009/12/17 15:43:47 | 00,040,448 | ---- | M] () -- C:\Windows\SysWow64\00031e5c.exe
[2009/12/17 15:43:47 | 00,040,448 | ---- | M] () -- C:\Windows\SysWow64\00031bfa.exe
[2009/12/17 15:43:47 | 00,040,448 | ---- | M] () -- C:\Windows\SysWow64\00031a00.exe
[2009/12/17 15:43:47 | 00,040,448 | ---- | M] () -- C:\Windows\SysWow64\000319ad.exe
[2009/12/17 15:43:47 | 00,040,448 | ---- | M] () -- C:\Windows\SysWow64\0003190c.exe
[2009/12/17 15:43:47 | 00,040,448 | ---- | M] () -- C:\Windows\SysWow64\0003164a.exe
[2009/12/17 15:43:47 | 00,040,448 | ---- | M] () -- C:\Windows\SysWow64\0003146d.exe
[2009/12/17 15:43:47 | 00,040,448 | ---- | M] () -- C:\Windows\SysWow64\0003142d.exe
[2009/12/17 15:43:47 | 00,040,448 | ---- | M] () -- C:\Windows\SysWow64\000313ec.exe
[2009/12/17 15:43:47 | 00,040,448 | ---- | M] () -- C:\Windows\SysWow64\00030e72.exe
[2009/12/17 11:54:26 | 00,006,140 | ---- | M] () -- C:\Windows\SysWow64\13651t9ojzac.exe
[2009/12/16 13:16:23 | 00,407,552 | ---- | M] () -- C:\Users\Brenda\Documents\ta do list.doc
[2009/12/16 13:16:05 | 00,407,552 | ---- | M] () -- C:\Users\Brenda\Documents\Backup of ta do list.wbk
[2009/12/14 18:23:04 | 00,031,232 | ---- | M] () -- C:\Users\Brenda\Documents\drake schoolmu.doc

========== Files Created - No Company Name ==========

[2010/01/12 15:00:01 | 00,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/12 11:56:42 | 00,524,288 | ---- | C] () -- C:\Users\Brenda\Desktop\dds.scr
[2009/12/31 21:34:42 | 00,000,353 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009/12/30 18:03:51 | 00,006,656 | ---- | C] () -- C:\Windows\SysNative\bcmwlrc.dll
[2009/12/30 15:07:30 | 00,010,844 | ---- | C] () -- C:\Windows\SysWow64\athrext.cat
[2009/12/30 15:07:30 | 00,010,834 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat
[2009/12/30 15:07:30 | 00,006,496 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf
[2009/12/30 15:07:30 | 00,006,483 | ---- | C] () -- C:\Windows\SysWow64\netathr.inf
[2009/12/29 01:21:10 | 40,242,58560 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/28 22:51:17 | 00,524,288 | -HS- | C] () -- C:\Users\Brenda\ntuser.dat{43269055-f42d-11de-8ee1-de60639ac53e}.TMContainer00000000000000000002.regtrans-ms
[2009/12/28 22:51:16 | 00,524,288 | -HS- | C] () -- C:\Users\Brenda\ntuser.dat{43269055-f42d-11de-8ee1-de60639ac53e}.TMContainer00000000000000000001.regtrans-ms
[2009/12/28 22:51:16 | 00,065,536 | -HS- | C] () -- C:\Users\Brenda\ntuser.dat{43269055-f42d-11de-8ee1-de60639ac53e}.TM.blf
[2009/12/28 22:44:44 | 00,524,288 | -HS- | C] () -- C:\Users\Brenda\ntuser.dat{4a9969d5-f42c-11de-80cb-dfd05928992b}.TMContainer00000000000000000002.regtrans-ms
[2009/12/28 22:44:44 | 00,524,288 | -HS- | C] () -- C:\Users\Brenda\ntuser.dat{4a9969d5-f42c-11de-80cb-dfd05928992b}.TMContainer00000000000000000001.regtrans-ms
[2009/12/28 22:44:44 | 00,065,536 | -HS- | C] () -- C:\Users\Brenda\ntuser.dat{4a9969d5-f42c-11de-80cb-dfd05928992b}.TM.blf
[2009/12/28 22:43:51 | 34,905,7011 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/12/28 22:38:30 | 00,524,288 | -HS- | C] () -- C:\Users\Brenda\ntuser.dat{6d774e55-f42b-11de-9bcd-a0c28dc2a622}.TMContainer00000000000000000002.regtrans-ms
[2009/12/28 22:38:30 | 00,524,288 | -HS- | C] () -- C:\Users\Brenda\ntuser.dat{6d774e55-f42b-11de-9bcd-a0c28dc2a622}.TMContainer00000000000000000001.regtrans-ms
[2009/12/28 22:38:30 | 00,065,536 | -HS- | C] () -- C:\Users\Brenda\ntuser.dat{6d774e55-f42b-11de-9bcd-a0c28dc2a622}.TM.blf
[2009/12/27 21:59:48 | 00,000,082 | R--- | C] () -- C:\Users\Public\Desktop\www.RouterLogin.com.url
[2009/12/26 21:13:18 | 00,009,681 | ---- | C] () -- C:\Windows\SysWow64\29299zt-a5virus4dd.ocx
[2009/12/26 12:04:54 | 00,005,333 | ---- | C] () -- C:\Windows\SysWow64\15778not-a-v5zu93e9.ocx
[2009/12/26 06:34:47 | 00,005,735 | ---- | C] () -- C:\Windows\SysWow64\24806s9y7z05.dll
[2009/12/24 23:50:13 | 00,012,189 | ---- | C] () -- C:\Windows\SysWow64\219worz915.ocx
[2009/12/24 03:11:51 | 00,040,448 | ---- | C] () -- C:\Windows\SysWow64\00032290.exe
[2009/12/24 03:11:50 | 00,040,448 | ---- | C] () -- C:\Windows\SysWow64\00031f7b.exe
[2009/12/24 03:11:50 | 00,040,448 | ---- | C] () -- C:\Windows\SysWow64\00031e5c.exe
[2009/12/24 03:11:50 | 00,040,448 | ---- | C] () -- C:\Windows\SysWow64\000319ad.exe
[2009/12/24 03:11:50 | 00,040,448 | ---- | C] () -- C:\Windows\SysWow64\0003190c.exe
[2009/12/24 03:11:50 | 00,040,448 | ---- | C] () -- C:\Windows\SysWow64\0003164a.exe
[2009/12/24 03:11:49 | 00,040,448 | ---- | C] () -- C:\Windows\SysWow64\00031bfa.exe
[2009/12/24 03:11:49 | 00,040,448 | ---- | C] () -- C:\Windows\SysWow64\0003146d.exe
[2009/12/24 03:11:49 | 00,040,448 | ---- | C] () -- C:\Windows\SysWow64\0003142d.exe
[2009/12/24 03:11:48 | 00,040,448 | ---- | C] () -- C:\Windows\SysWow64\00031a00.exe
[2009/12/24 03:11:48 | 00,040,448 | ---- | C] () -- C:\Windows\SysWow64\000313ec.exe
[2009/12/24 03:11:48 | 00,040,448 | ---- | C] () -- C:\Windows\SysWow64\00030e72.exe
[2009/12/22 23:08:05 | 00,012,350 | ---- | C] () -- C:\Windows\SysWow64\56b6downzoade95167.ocx
[2009/12/22 15:08:01 | 00,015,860 | ---- | C] () -- C:\Windows\SysWow64\z74b9ir5460.exe
[2009/12/22 13:21:20 | 00,010,738 | ---- | C] () -- C:\Windows\SysWow64\8514s9yz4e.cpl
[2009/12/22 06:32:05 | 00,010,705 | ---- | C] () -- C:\Windows\SysWow64\7e47spywzr91455.cpl
[2009/12/22 04:40:24 | 00,010,741 | ---- | C] () -- C:\Windows\SysWow64\28829sz95bot43c.ocx
[2009/12/21 19:11:46 | 00,013,406 | ---- | C] () -- C:\Windows\SysWow64\226905iruz1f2.ocx
[2009/12/18 23:23:02 | 00,004,554 | ---- | C] () -- C:\Windows\SysWow64\4bb9viz15345.cpl
[2009/12/18 17:32:47 | 00,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/12/18 16:16:57 | 00,000,013 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009/12/17 15:44:30 | 00,016,990 | ---- | C] () -- C:\Windows\SysWow64\896spa5sz500.dll
[2009/12/17 15:44:30 | 00,015,626 | ---- | C] () -- C:\Windows\SysWow64\5z03spamb9tff.ocx
[2009/12/17 15:44:30 | 00,014,671 | ---- | C] () -- C:\Windows\SysWow64\992ztro5597.bin
[2009/12/17 15:44:30 | 00,013,111 | ---- | C] () -- C:\Windows\SysWow64\5z7b9ownloa5er2850.dll
[2009/12/17 15:44:30 | 00,012,448 | ---- | C] () -- C:\Windows\SysWow64\29534wzr969c.cpl
[2009/12/17 15:44:30 | 00,011,959 | ---- | C] () -- C:\Windows\SysWow64\1947s5eaz3085.exe
[2009/12/17 15:44:30 | 00,004,332 | ---- | C] () -- C:\Windows\SysWow64\2d7esz59se1345.bin
[2009/12/17 15:44:30 | 00,002,522 | ---- | C] () -- C:\Windows\SysWow64\139z4not-a-vi5us124.bin
[2009/12/17 15:44:29 | 00,004,932 | ---- | C] () -- C:\Windows\SysWow64\7599zroj24c.ocx
[2009/12/17 15:44:25 | 00,017,898 | ---- | C] () -- C:\Windows\SysWow64\66a5szyware819.cpl
[2009/12/17 15:44:25 | 00,017,788 | ---- | C] () -- C:\Windows\SysWow64\403bthre5z1965.dll
[2009/12/17 15:44:25 | 00,017,710 | ---- | C] () -- C:\Windows\SysWow64\7d95spa9se1z335.bin
[2009/12/17 15:44:25 | 00,017,025 | ---- | C] () -- C:\Windows\SysWow64\24693not-z-vi5usdb.bin
[2009/12/17 15:44:25 | 00,016,779 | ---- | C] () -- C:\Windows\SysWow64\54762vzrus39c.ocx
[2009/12/17 15:44:25 | 00,016,512 | ---- | C] () -- C:\Windows\SysWow64\951adzwar51175.bin
[2009/12/17 15:44:25 | 00,015,312 | ---- | C] () -- C:\Windows\SysWow64\197775o9m3zc.exe
[2009/12/17 15:44:25 | 00,014,601 | ---- | C] () -- C:\Windows\SysWow64\23923spy5z0.bin
[2009/12/17 15:44:25 | 00,014,393 | ---- | C] () -- C:\Windows\SysWow64\4zd5backd5or9833.dll
[2009/12/17 15:44:25 | 00,013,156 | ---- | C] () -- C:\Windows\SysWow64\3235wzr95b1.bin
[2009/12/17 15:44:25 | 00,012,582 | ---- | C] () -- C:\Windows\SysWow64\55c9ste9l557z.ocx
[2009/12/17 15:44:25 | 00,012,190 | ---- | C] () -- C:\Windows\SysWow64\4d76spyz9re23935.cpl
[2009/12/17 15:44:25 | 00,011,828 | ---- | C] () -- C:\Windows\SysWow64\3515b9ckdoor20z6.dll
[2009/12/17 15:44:25 | 00,011,015 | ---- | C] () -- C:\Windows\SysWow64\z943spambot6775.bin
[2009/12/17 15:44:25 | 00,010,989 | ---- | C] () -- C:\Windows\SysWow64\163ctzrea915299.bin
[2009/12/17 15:44:25 | 00,010,935 | ---- | C] () -- C:\Windows\SysWow64\zd17st5al697.exe
[2009/12/17 15:44:25 | 00,009,887 | ---- | C] () -- C:\Windows\SysWow64\56fv9rz995.exe
[2009/12/17 15:44:25 | 00,009,156 | ---- | C] () -- C:\Windows\SysWow64\3069ddwarz5720.ocx
[2009/12/17 15:44:25 | 00,007,818 | ---- | C] () -- C:\Windows\SysWow64\a4z5ir3297.dll
[2009/12/17 15:44:25 | 00,006,398 | ---- | C] () -- C:\Windows\SysWow64\55z99teal105.ocx
[2009/12/17 15:44:25 | 00,005,654 | ---- | C] () -- C:\Windows\SysWow64\294bdzwn5oader1129.bin
[2009/12/17 15:44:25 | 00,005,642 | ---- | C] () -- C:\Windows\SysWow64\269bba5zdoor3164.bin
[2009/12/17 15:44:25 | 00,004,592 | ---- | C] () -- C:\Windows\SysWow64\28551s9amzot19f.bin
[2009/12/17 15:44:25 | 00,004,160 | ---- | C] () -- C:\Windows\SysWow64\19z77wor5393.ocx
[2009/12/17 15:44:25 | 00,003,640 | ---- | C] () -- C:\Windows\SysWow64\2z66sp51119.dll
[2009/12/17 15:44:25 | 00,003,184 | ---- | C] () -- C:\Windows\SysWow64\zf29vi92158.exe
[2009/12/17 15:44:25 | 00,003,094 | ---- | C] () -- C:\Windows\SysWow64\21538n5tza9virus573.ocx
[2009/12/17 15:44:25 | 00,002,884 | ---- | C] () -- C:\Windows\SysWow64\15535zrojb9.dll
[2009/12/17 15:44:24 | 00,018,229 | ---- | C] () -- C:\Windows\SysWow64\cbz95ief1816.cpl
[2009/12/17 15:44:24 | 00,017,549 | ---- | C] () -- C:\Windows\SysWow64\5956thie91z92.cpl
[2009/12/17 15:44:24 | 00,016,891 | ---- | C] () -- C:\Windows\SysWow64\18z53not-a-5i9us7a8.cpl
[2009/12/17 15:44:24 | 00,015,961 | ---- | C] () -- C:\Windows\SysWow64\z1951wo5mb6.exe
[2009/12/17 15:44:24 | 00,015,408 | ---- | C] () -- C:\Windows\SysWow64\7fezs9yware765.cpl
[2009/12/17 15:44:24 | 00,014,604 | ---- | C] () -- C:\Windows\SysWow64\51d9downloader15z1.bin
[2009/12/17 15:44:24 | 00,014,549 | ---- | C] () -- C:\Windows\SysWow64\5d6zdo9nloader2705.cpl
[2009/12/17 15:44:24 | 00,014,083 | ---- | C] () -- C:\Windows\SysWow64\3954zro95ee.cpl
[2009/12/17 15:44:24 | 00,008,824 | ---- | C] () -- C:\Windows\SysWow64\59085zy546.exe
[2009/12/17 15:44:24 | 00,008,245 | ---- | C] () -- C:\Windows\SysWow64\5z19spy215.ocx
[2009/12/17 15:44:24 | 00,006,996 | ---- | C] () -- C:\Windows\SysWow64\8bzs9ar5e2011.exe
[2009/12/17 15:44:24 | 00,006,714 | ---- | C] () -- C:\Windows\SysWow64\7957s9y2z95.exe
[2009/12/17 15:44:24 | 00,004,336 | ---- | C] () -- C:\Windows\SysWow64\204spambot15z9.dll
[2009/12/17 15:44:24 | 00,004,334 | ---- | C] () -- C:\Windows\SysWow64\2z9faddware2565.bin
[2009/12/17 15:44:24 | 00,003,426 | ---- | C] () -- C:\Windows\SysWow64\93bbzir2555.bin
[2009/12/17 15:44:23 | 00,009,399 | ---- | C] () -- C:\Windows\SysWow64\760zspam9ot53e.cpl
[2009/12/17 15:44:23 | 00,004,294 | ---- | C] () -- C:\Windows\SysWow64\z2369py115.ocx
[2009/12/17 15:44:23 | 00,003,129 | ---- | C] () -- C:\Windows\SysWow64\56fbthi9fz1275.dll
[2009/12/17 15:44:23 | 00,002,959 | ---- | C] () -- C:\Windows\SysWow64\3095t5o9z09.exe
[2009/12/17 11:54:26 | 00,006,140 | ---- | C] () -- C:\Windows\SysWow64\13651t9ojzac.exe
[2009/12/16 13:16:04 | 00,407,552 | ---- | C] () -- C:\Users\Brenda\Documents\ta do list.doc
[2009/12/16 13:16:04 | 00,407,552 | ---- | C] () -- C:\Users\Brenda\Documents\Backup of ta do list.wbk
[2009/12/14 18:23:03 | 00,031,232 | ---- | C] () -- C:\Users\Brenda\Documents\drake schoolmu.doc
[2009/12/05 16:51:26 | 00,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/11/27 01:12:00 | 00,003,280 | ---- | C] () -- C:\Windows\SysWow64\75z9ste5l2158.dll
[2009/11/25 14:17:40 | 00,005,599 | ---- | C] () -- C:\Windows\SysWow64\29629pamzot6085.dll
[2009/11/24 11:07:23 | 00,014,169 | ---- | C] () -- C:\Windows\SysWow64\14119worz595.dll
[2009/11/19 16:30:46 | 00,015,177 | ---- | C] () -- C:\Windows\SysWow64\8855pam9ztda.dll
[2009/10/23 12:11:53 | 00,010,934 | ---- | C] () -- C:\Windows\SysWow64\7934steaz596.dll
[2009/10/19 17:23:11 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/10/19 17:22:00 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/10/17 12:53:33 | 00,014,743 | ---- | C] () -- C:\Windows\SysWow64\435fvi93z50.dll
[2009/10/17 04:12:17 | 00,005,818 | ---- | C] () -- C:\Windows\SysWow64\29673notza-virus2b95.dll
[2009/10/15 12:17:49 | 00,004,096 | -H-- | C] () -- C:\Users\Brenda\AppData\Local\keyfile3.drm
[2009/10/12 02:48:15 | 00,007,059 | ---- | C] () -- C:\Windows\SysWow64\a9f5owzloader2601.dll
[2009/09/12 08:33:58 | 00,006,890 | ---- | C] () -- C:\Windows\SysWow64\11540spz395.dll
[2009/09/06 20:37:02 | 00,014,959 | ---- | C] () -- C:\Windows\SysWow64\6fd5s95waze2629.dll
[2009/08/23 11:54:07 | 00,009,029 | ---- | C] () -- C:\Windows\wininit.ini
[2009/08/22 23:50:28 | 00,008,804 | ---- | C] () -- C:\Windows\SysWow64\9585zpy635.dll
[2009/08/16 07:07:31 | 00,003,698 | ---- | C] () -- C:\Windows\SysWow64\8z7spa5bot5a79.dll
[2009/08/11 09:21:23 | 00,017,146 | ---- | C] () -- C:\Windows\SysWow64\1095szyw5re5859.dll
[2009/07/24 21:56:43 | 00,010,184 | ---- | C] () -- C:\Windows\SysWow64\9785troj61z.dll
[2009/07/13 08:51:55 | 00,016,042 | ---- | C] () -- C:\Windows\SysWow64\7865s9arze1267.dll
[2009/06/23 13:36:55 | 00,011,493 | ---- | C] () -- C:\Windows\SysWow64\6e19ba5kdozr2934.dll
[2009/06/20 08:15:01 | 00,016,529 | ---- | C] () -- C:\Windows\SysWow64\5d40vzr199.dll
[2009/05/25 20:01:15 | 00,010,711 | ---- | C] () -- C:\Windows\SysWow64\22219vi9zs5cd.dll
[2009/05/15 06:41:41 | 00,015,744 | ---- | C] () -- C:\Windows\SysWow64\2a20zac9door26635.dll
[2009/05/11 03:13:20 | 00,007,839 | ---- | C] () -- C:\Windows\SysWow64\5901sparze9676.dll
[2009/04/12 19:41:33 | 00,006,606 | ---- | C] () -- C:\Windows\SysWow64\z57559acktool61e.dll
[2009/04/11 10:40:02 | 00,002,903 | ---- | C] () -- C:\Windows\SysWow64\15z56hac9too5602.dll
[2009/03/01 03:01:16 | 00,000,680 | ---- | C] () -- C:\Users\Brenda\AppData\Local\d3d9caps.dat
[2009/02/16 13:01:02 | 00,003,189 | ---- | C] () -- C:\Windows\SysWow64\12895tea919z7.dll
[2009/02/09 19:20:47 | 00,017,245 | ---- | C] () -- C:\Windows\SysWow64\933855acztool618.dll
[2009/01/21 08:03:24 | 00,012,771 | ---- | C] () -- C:\Windows\SysWow64\z7823hac59ool6aa.dll
[2009/01/20 17:58:15 | 00,073,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\SENTINEL.SYS
[2009/01/20 17:58:15 | 00,047,616 | ---- | C] () -- C:\Windows\SysWow64\SNTI386.DLL
[2009/01/20 17:58:15 | 00,017,920 | ---- | C] () -- C:\Windows\SysWow64\RNBOVDD.DLL
[2009/01/20 17:57:14 | 00,000,383 | ---- | C] () -- C:\Windows\SysWow64\haspdos.sys
[2009/01/20 17:53:18 | 00,000,816 | ---- | C] () -- C:\Windows\_delis32.ini
[2009/01/14 20:41:52 | 00,030,924 | ---- | C] () -- C:\Users\Brenda\AppData\Roaming\UserTile.png
[2009/01/12 09:19:50 | 00,007,565 | ---- | C] () -- C:\Windows\SysWow64\14454sz5297.dll
[2009/01/01 18:36:00 | 00,002,925 | ---- | C] () -- C:\Windows\SysWow64\16z5spy696.dll
[2008/12/13 19:28:09 | 00,012,658 | ---- | C] () -- C:\Windows\SysWow64\3209zvi5us30.dll
[2008/12/06 18:57:19 | 00,009,969 | ---- | C] () -- C:\Windows\SysWow64\19z91hack5ool5ef.dll
[2008/11/25 17:27:34 | 00,000,000 | ---- | C] () -- C:\Users\Brenda\AppData\Local\QSwitch.txt
[2008/11/25 17:27:34 | 00,000,000 | ---- | C] () -- C:\Users\Brenda\AppData\Local\DSwitch.txt
[2008/11/25 17:27:34 | 00,000,000 | ---- | C] () -- C:\Users\Brenda\AppData\Local\AtStart.txt
[2008/11/25 16:09:08 | 00,052,224 | ---- | C] () -- C:\Users\Brenda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/25 13:33:22 | 00,000,194 | ---- | C] () -- C:\Users\Brenda\AppData\Roaming\wklnhst.dat
[2008/11/19 21:42:15 | 00,011,951 | ---- | C] () -- C:\Windows\SysWow64\15985not-a-virus272z.dll
[2008/11/08 09:26:23 | 00,006,976 | ---- | C] () -- C:\Windows\SysWow64\45c9sparsz1738.dll
[2008/10/27 12:32:40 | 00,010,991 | ---- | C] () -- C:\Windows\SysWow64\z65a9dware2335.dll
[2008/10/22 22:13:28 | 00,014,016 | ---- | C] () -- C:\Windows\SysWow64\z8732s5y5c9.dll
[2008/10/14 11:00:14 | 00,004,494 | ---- | C] () -- C:\Windows\SysWow64\7z25spywa9e393.dll
[2008/09/05 08:23:53 | 00,006,990 | ---- | C] () -- C:\Windows\SysWow64\98227spz5botc3.dll
[2008/08/19 00:27:40 | 00,011,851 | ---- | C] () -- C:\Windows\SysWow64\709ethre9t1135z.dll
[2008/08/15 01:56:13 | 00,017,669 | ---- | C] () -- C:\Windows\SysWow64\285z49py150.dll
[2008/08/08 04:37:17 | 00,015,426 | ---- | C] () -- C:\Windows\SysWow64\519tr95z40.dll
[2008/08/07 16:41:34 | 00,016,129 | ---- | C] () -- C:\Windows\SysWow64\5a99s9zrse2050.dll
[2008/08/06 00:32:43 | 00,009,357 | ---- | C] () -- C:\Windows\SysWow64\5z349sp9108.dll
[2008/08/03 00:35:50 | 00,011,143 | ---- | C] () -- C:\Windows\SysWow64\218z7viru5639.dll
[2008/07/28 12:50:42 | 00,012,557 | ---- | C] () -- C:\Windows\SysWow64\3z507s5a9bot792.dll
[2008/07/20 09:39:12 | 00,002,674 | ---- | C] () -- C:\Windows\SysWow64\2574szamb9t5.dll
[2008/07/05 19:08:26 | 00,003,347 | ---- | C] () -- C:\Windows\SysWow64\49z95ackdoor3224.dll
[2008/06/28 11:43:21 | 00,003,405 | ---- | C] () -- C:\Windows\SysWow64\c95thzef1752.dll
[2008/06/27 09:07:03 | 00,010,393 | ---- | C] () -- C:\Windows\SysWow64\15959s5y1z6.dll
[2008/06/21 02:05:05 | 00,018,171 | ---- | C] () -- C:\Windows\SysWow64\4121hacktoz95bb5.dll
[2008/06/17 04:21:27 | 00,018,096 | ---- | C] () -- C:\Windows\SysWow64\1091zs9y452.dll
[2008/06/16 12:24:36 | 00,014,709 | ---- | C] () -- C:\Windows\SysWow64\75b5zp5ware2289.dll
[2008/06/16 08:54:33 | 00,002,967 | ---- | C] () -- C:\Windows\SysWow64\76a9v9r3z52.dll
[2008/06/10 01:37:56 | 00,000,371 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/06/06 05:43:29 | 00,008,078 | ---- | C] () -- C:\Windows\SysWow64\29a5th9ef133z.dll
[2008/06/01 21:09:46 | 00,015,115 | ---- | C] () -- C:\Windows\SysWow64\1z917virus5925.dll
[2008/06/01 11:41:44 | 00,002,655 | ---- | C] () -- C:\Windows\SysWow64\140abacz95or2391.dll
[2008/05/01 04:37:50 | 00,017,296 | ---- | C] () -- C:\Windows\SysWow64\289z4not-9-virus5f.dll
[2008/04/25 19:18:56 | 00,018,396 | ---- | C] () -- C:\Windows\SysWow64\6957tzoj53d9.dll
[2008/04/23 04:26:45 | 00,012,751 | ---- | C] () -- C:\Windows\SysWow64\65c9spyzare1072.dll
[2008/04/14 03:58:29 | 00,013,218 | ---- | C] () -- C:\Windows\SysWow64\13bcaddwaze2954.dll
[2008/04/12 19:54:25 | 00,008,125 | ---- | C] () -- C:\Windows\SysWow64\25z39not-a-virus724.dll
[2008/04/05 19:44:14 | 00,017,020 | ---- | C] () -- C:\Windows\SysWow64\6013threat19515z.dll
[2008/03/24 04:40:24 | 00,008,297 | ---- | C] () -- C:\Windows\SysWow64\5cc69hreaz52772.dll
[2008/03/20 20:16:36 | 00,010,397 | ---- | C] () -- C:\Windows\SysWow64\3985addwarez305.dll
[2008/03/18 14:09:32 | 00,006,636 | ---- | C] () -- C:\Windows\SysWow64\17995hacktool20z.dll
[2008/03/13 03:33:13 | 00,009,908 | ---- | C] () -- C:\Windows\SysWow64\4b89ste9l305z.dll
[2008/02/20 21:42:36 | 00,003,125 | ---- | C] () -- C:\Windows\SysWow64\57z7th9eat22967.dll
[2008/01/25 02:48:32 | 00,015,802 | ---- | C] () -- C:\Windows\SysWow64\50zbst95l1555.dll
[2008/01/20 21:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2002/09/08 17:55:52 | 00,005,520 | ---- | C] () -- C:\Windows\SysWow64\lsiprn.drv

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Brenda\Documents\MVI_4212.AVI:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Brenda\Documents\MVI_3613.AVI:TOC.WMV
@Alternate Data Stream - 218 bytes -> C:\ProgramData\TEMP:206E2596
< End of report >

#8 jrosen19

Member

Group: Members
Posts: 28
Joined: 29-December 09

Posted 12 January 2010 - 03:35 PM

Extras.txt:

OTL Extras logfile created on: 1/12/2010 3:20:01 PM - Run 1
OTL by OldTimer - Version 3.1.24.0 Folder = C:\Users\Brenda\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.24 Gb Total Space | 224.48 Gb Free Space | 78.15% Space Free | Partition Type: NTFS
Drive D: | 10.85 Gb Total Space | 1.83 Gb Free Space | 16.87% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAVA
Current User Name: Brenda
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 5D 83 32 7B 6B 8D CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E2847F0-2821-42E1-ABFD-C41306B481A8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{32FCFCED-447A-4791-B924-FCE8B6579120}" = lport=10243 | protocol=6 | dir=in | app=system |
"{448E19E5-B3CD-44C0-AE07-2516FF29A2FE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{572D74C3-3AAC-4521-859F-2A5317BC5ECE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6601A440-1081-4FE8-928C-EC112826E345}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{67C5A17B-4402-4390-8208-E059D864BA09}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7023BDA6-F999-4016-9E1C-F29C6D1FD3BD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8DE8C8D4-094C-4137-A7ED-2F08E267B95B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{96961522-4B1A-447E-926C-5CCED6A85BA9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9CDD0CBD-7585-4044-AA58-5D171E1DFA0E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A6B327A3-11A9-4BC5-BB92-8097D957D64D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AD62EF34-CA57-4D10-A4AB-B84583366403}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B34914EB-CF59-4E92-84F7-4472F21F52C0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{BD81A0E9-0A45-4100-8425-072730E7A92F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D6CA2EDE-FB81-4831-83E1-B180C3761DDE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D6DE452B-BA6A-4B78-9B5E-89FC9D0CF225}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DA4BE86F-E202-41C8-87C6-729B2B7F576D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E6002599-CEDE-4C97-A9C9-91D4E63E23EE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0270342F-D3BC-4D9E-8C8C-FDF4AAA4EA0F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{09D4884A-08C8-4593-8669-B79E0B0F4022}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{0D46C66A-AE70-4125-9D32-77DE5043C1A6}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{10F5EDBE-68E5-45CA-A1D8-33D50B4E164B}" = dir=in | app=c:\program files (x86)\hp\quickplay\qpservice.exe |
"{16C0C732-C49E-48AA-9DCF-1DF6DEBF21D5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{360A31FC-3578-4AAF-BF99-3A89AE0D89B2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{399FFCE8-72A0-4CFD-A5C3-A46D2DDE5AB7}" = protocol=6 | dir=in | app=c:\program files (x86)\spybot - search & destroy\spybotsd.exe |
"{409F86B3-ACA8-4F46-913B-FB1734227B84}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{46F4B0D8-7B2B-4B8A-ACD0-A9D13F4F9A6C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{47A15724-C4E3-467B-B2AF-16A80011CAD6}" = dir=in | app=c:\program files (x86)\hp\quickplay\qp.exe |
"{50F11BA9-9C7A-43B8-A15F-577C499A43A4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{59592D98-0629-44CF-84E2-35DC70093C18}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5B629744-FC9D-4442-8A50-6F8AC8AE812D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{60B40ADA-AE43-42FB-9500-D32F6D680C02}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{63476D56-1C9F-4FE1-9D16-7150DD0EA93F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6C571737-2E95-4742-B4BB-B89C8090C6AE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{70C203EB-427D-4694-82D9-DBCEA9404635}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{729DFED6-5289-4B3C-B1C4-E5988EC4FF56}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{791CD8AB-04E1-475C-AD57-859A313055CA}" = protocol=6 | dir=out | app=system |
"{8040D595-DDDE-477D-BD24-6EED67FEA1F1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8363B9FA-B101-4079-A45C-2C8392DCEC75}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{8C3CDAD4-6EB0-41FC-93AD-7051B7A36092}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8D5B62B4-16BF-4F40-B0BE-273E974B860D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8D9262ED-17E7-497F-908C-DBC3F3440009}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9904CF86-8424-409E-90AE-CDC276EFA05D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{AB174EA2-28A1-4BD3-A1FC-0CB757677D26}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{B84A95D0-8F46-49B8-B477-52DEABBC0795}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{D4CAA979-BAA3-466F-8999-DA39E5B2A912}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{D64D58F8-E3C3-44E2-9323-42FA1645BB8E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D8801C2E-224E-43B5-A7A9-AB331DB27F0D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{F00D6EF6-C652-4B15-89FB-DB95C13AF723}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F0655097-0E0F-429F-BA78-3CA52D959673}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F3F5406A-2B05-456A-B4E3-08A81B570042}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F3F86580-653C-44D4-85B8-47F2B25A3868}" = protocol=17 | dir=in | app=c:\program files (x86)\spybot - search & destroy\spybotsd.exe |
"{F57EE2E1-ACC3-4F4E-87E8-165E23E7FCD9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F67854C2-B265-4506-98F6-1280E91ECB1B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"TCP Query User{BC7807B0-CC7A-4F5A-87FB-390FD6132DE7}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{9E64E41B-7CA0-43A3-8661-20ABCE7732C4}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1AD2F8FE-A357-4728-BDF8-B92D794CE793}" = HP QuickTouch 1.00 D2
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7401FCC8-5B1A-394B-F8AF-E5F01561FBB8}" = ccc-utility64
"{7A0D5844-6ED1-26E5-A646-C2D2867EDADC}" = ATI Catalyst Install Manager
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client for Internet Explorer 1.02.28
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{01B10898-0693-5E45-8C0B-CB4B0C2CB5C9}" = CCC Help Spanish
"{01E71682-7A62-31B6-2E19-82C4C2C410C3}" = CCC Help Korean
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{05F5ADF7-B9BF-E5AC-FDA4-C412C150763F}" = Catalyst Control Center Localization Greek
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0892BA56-B55A-EA45-74A7-C728BEFCEE4A}" = Catalyst Control Center Localization Norwegian
"{0BCE001B-D952-7242-1378-6B3188B7CDB6}" = Catalyst Control Center Localization Swedish
"{1061DF04-CF33-40B0-8360-D07C9BBEB122}" = HP Wireless Assistant
"{10C69612-017B-45F5-B986-7D113D5A2EA3}" = MSN Toolbar
"{111CE1DA-F2B6-B449-8BDC-BFA807EEF343}" = Catalyst Control Center Localization Thai
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1550A772-F3DF-9DCA-70E4-5BA5FEDBDDEE}" = CCC Help Norwegian
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{1B835521-00CB-B242-2072-DA41AE7E9F11}" = CCC Help Turkish
"{1DD26D8C-2B68-4945-9A3A-4EA6BF087D9F}" = Recipe Feeder Explorer Bar
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{246771C5-5589-C809-90A3-95D380CAEB0C}" = CCC Help Dutch
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{2ACA4FB1-A1DB-BACF-05D8-9F654ED1F6F9}" = CCC Help Danish
"{2EA45803-BEB7-46C4-9ADC-46A5F9E7BB77}" = GEAR driver installer for x86 and x64
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{335901DF-7FC7-76E9-AEFB-3BD15D5C1B8E}" = Catalyst Control Center Localization German
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D3
"{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1
"{37F36B08-76D1-58D0-0B62-C873B3F1E04A}" = Catalyst Control Center Graphics Full Existing
"{380357CA-29F4-4B3C-B401-32C057E6B59B}" = HP Smart Web Printing
"{38EAC694-0D90-445F-8C17-8B50ADFE3162}" = Slingbox Flash Tour
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FA93E4C-CB3B-4B25-B091-9DB0FCC56A74}" = Catalyst Control Center - Branding
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{43519E32-0AC9-ACBF-0AC9-000CEDEBCAFB}" = CCC Help Russian
"{440EE84D-A37A-E283-D538-0A4E94AC6243}" = Catalyst Control Center Localization Dutch
"{456B2B42-C082-8B6F-923C-2C8920ECF559}" = Catalyst Control Center Localization Czech
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{48382386-BA53-3B91-668C-DE3F4969C00C}" = ccc-core-static
"{49521D72-2856-C7B9-F54E-26B116606B0D}" = Catalyst Control Center Localization Hungarian
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{50C5DCCD-C82F-3D45-AAC8-1E094717FF9B}" = CCC Help Czech
"{5299C5E1-70F9-3D1D-A1FA-BDECA4EC8015}" = Google Talk Plugin
"{54F98E59-AC27-F6D6-8DF3-29E38BB1AFF9}" = Catalyst Control Center Localization Korean
"{57921C23-454B-1B45-6C32-B1A8BFC76875}" = Catalyst Control Center Localization French
"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2
"{5C9B4046-4B37-3595-7BAF-1FFF58F2BA88}" = Catalyst Control Center Core Implementation
"{61C2601F-D1F4-6CC3-858B-80A54A1C1360}" = CCC Help Greek
"{6517CFDF-B7A4-77B6-2371-C76608D3C976}" = Monopoly
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6E25BE3B-8E16-3A78-2BA7-1482A2D4743F}" = CCC Help English
"{6F26A541-E756-4C24-A36B-EFD3C6217EAF}" = CCC Help German
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7491471D-DA69-6E11-623D-F3BCAF65F922}" = CCC Help Italian
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F82D79D-81EF-DC6C-69FF-A45C282B1986}" = CCC Help Swedish
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{81ACE059-6894-21DE-E3AB-E8D6AF38B5C4}" = Catalyst Control Center Localization Portuguese
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{8572742E-08EA-FCEF-458A-4CE90851E804}" = Catalyst Control Center Localization Russian
"{86AE7C98-C72F-7F7D-D777-A76D850B7E3B}" = muvee Reveal
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{8F0CFF10-034C-EE7E-3B2D-8C7F117BB3A6}" = Catalyst Control Center Localization Finnish
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9075DF27-7C34-D2D5-4E66-970E0E99E320}" = Catalyst Control Center Graphics Light
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9858B284-0ACC-3EB1-BBF7-B0D1A5D0C2FD}" = CCC Help Japanese
"{99415487-2D5D-42ED-AAAF-E65970913AD5}" = superStyle corePack
"{9A85A260-CC99-8DA9-0D03-60C12BE82189}" = CCC Help Polish
"{9D6C29FF-850B-9425-7B34-B21526874121}" = Catalyst Control Center Graphics Previews Vista
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{9EBF6795-816C-06EB-BF29-06317FD5A730}" = Catalyst Control Center Localization Chinese Standard
"{9F2D3FB4-895E-A9F2-5B3A-118EDCE4E409}" = CCC Help Chinese Traditional
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2F6EEA0-DBCD-2389-BA8D-9A16DB60FAD8}" = Catalyst Control Center Graphics Full New
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5737DB-03C3-1526-F31E-D45A588D8459}" = Catalyst Control Center Localization Japanese
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADBFC909-D682-10E2-43C6-790F25FA3296}" = CCC Help Finnish
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B5DA1D7B-9494-A847-F185-EE4B8C48D905}" = CCC Help Hungarian
"{B8169E45-8E23-430B-91D1-EC64540C8ED0}" = HP User Guides 0103
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD2CC796-A584-9399-098A-2C2F291ABD1A}" = Catalyst Control Center Localization Spanish
"{C05A2E05-73A2-2672-7B82-59F3932AF6AD}" = CCC Help Thai
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C1C9D5E7-761D-817F-DBF2-1E77E20121BB}" = CCC Help Portuguese
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C39B346D-1E0D-CB23-CAC5-78CD5CBB495A}" = Catalyst Control Center Localization Italian
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C5E794F3-2EAC-CA94-79ED-1E3E3267F40B}" = CCC Help Chinese Standard
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C9690E1F-06A0-559B-37D2-B573DA95CA54}" = Catalyst Control Center Localization Danish
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CF217146-C889-3CB8-1490-07DA0DDB1318}" = CCC Help French
"{D68147A7-E42F-DA4B-209A-38CCC53702EC}" = Catalyst Control Center Localization Chinese Traditional
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{F215C430-0ED4-47D4-B42E-346B96923650}" = Mirar
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{F7D7E6EA-2B25-ABB1-0F4A-F39764C2D15B}" = Skins
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"{FAF0230B-8A11-8052-AFC9-5DB998020FD5}" = Catalyst Control Center Localization Polish
"{FC7C3B82-C7CB-125A-23FE-EE268799F5E3}" = Catalyst Control Center Localization Turkish
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"CCleaner" = CCleaner (remove only)
"DSMT6" = MathType 6
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Monopoly" = Monopoly (remove only)
"N360" = Norton 360
"Picasa 3" = Picasa 3
"Rainbow Sentinel Driver" = Sentinel System Driver
"RealPlayer 12.0" = RealPlayer
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"TBSB07183.TBSB07183Toolbar" = Fast Browser Search (My Web Tattoo)
"UnityWebPlayer" = Unity Web Player
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = HP Games
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-604219708-840033-878688825-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/18/2009 10:43:24 AM | Computer Name = Java | Source = WinMgmt | ID = 10
Description =

Error - 8/18/2009 10:43:42 AM | Computer Name = Java | Source = Application Error | ID = 1000
Description = Faulting application PCConfidential.exe, version 2008.4.0.17, time
stamp 0x47f23b14, faulting module WINUTIL5.DLL, version 2006.5.0.23, time stamp
0x449b122b, exception code 0xc0000005, fault offset 0x0005d18c, process id 0xfa4,
application start time 0x01ca201244442e9e.

Error - 8/18/2009 4:00:15 PM | Computer Name = Java | Source = WinMgmt | ID = 10
Description =

Error - 8/18/2009 4:01:46 PM | Computer Name = Java | Source = Application Error | ID = 1000
Description = Faulting application PCConfidential.exe, version 2008.4.0.17, time
stamp 0x47f23b14, faulting module WINUTIL5.DLL, version 2006.5.0.23, time stamp
0x449b122b, exception code 0xc0000005, fault offset 0x0005d18c, process id 0xc8c,
application start time 0x01ca203eb4579aef.

Error - 8/18/2009 8:46:35 PM | Computer Name = Java | Source = WinMgmt | ID = 10
Description =

Error - 8/18/2009 8:47:26 PM | Computer Name = Java | Source = Application Error | ID = 1000
Description = Faulting application PCConfidential.exe, version 2008.4.0.17, time
stamp 0x47f23b14, faulting module WINUTIL5.DLL, version 2006.5.0.23, time stamp
0x449b122b, exception code 0xc0000005, fault offset 0x0005d18c, process id 0xc10,
application start time 0x01ca20669bebfdbf.

Error - 8/18/2009 10:59:42 PM | Computer Name = Java | Source = EventSystem | ID = 4621
Description =

Error - 8/19/2009 7:02:00 AM | Computer Name = Java | Source = WinMgmt | ID = 10
Description =

Error - 8/19/2009 7:02:08 AM | Computer Name = Java | Source = Application Error | ID = 1000
Description = Faulting application PCConfidential.exe, version 2008.4.0.17, time
stamp 0x47f23b14, faulting module WINUTIL5.DLL, version 2006.5.0.23, time stamp
0x449b122b, exception code 0xc0000005, fault offset 0x0005d18c, process id 0xd30,
application start time 0x01ca20bc7cdb6532.

Error - 8/19/2009 8:09:22 AM | Computer Name = Java | Source = EventSystem | ID = 4621
Description =

[ Media Center Events ]
Error - 10/7/2009 6:16:19 PM | Computer Name = Java | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/7/2009 7:49:15 PM | Computer Name = Java | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 7/17/2009 1:01:21 PM | Computer Name = Java | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/21/2009 12:53:49 PM | Computer Name = Java | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/29/2009 10:02:49 PM | Computer Name = Java | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/11/2009 7:42:07 PM | Computer Name = Java | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/11/2009 7:42:27 PM | Computer Name = Java | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/18/2009 9:02:55 PM | Computer Name = Java | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/1/2009 8:59:02 PM | Computer Name = Java | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/5/2009 12:26:33 AM | Computer Name = Java | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/5/2009 12:37:07 AM | Computer Name = Java | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/28/2009 10:27:34 PM | Computer Name = Java | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3777
seconds with 1980 seconds of active time. This session ended with a crash.

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Extras.txt:

OTL Extras logfile created on: 1/12/2010 3:20:01 PM - Run 1
OTL by OldTimer - Version 3.1.24.0 Folder = C:\Users\Brenda\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.24 Gb Total Space | 224.48 Gb Free Space | 78.15% Space Free | Partition Type: NTFS
Drive D: | 10.85 Gb Total Space | 1.83 Gb Free Space | 16.87% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAVA
Current User Name: Brenda
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 5D 83 32 7B 6B 8D CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E2847F0-2821-42E1-ABFD-C41306B481A8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{32FCFCED-447A-4791-B924-FCE8B6579120}" = lport=10243 | protocol=6 | dir=in | app=system |
"{448E19E5-B3CD-44C0-AE07-2516FF29A2FE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{572D74C3-3AAC-4521-859F-2A5317BC5ECE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6601A440-1081-4FE8-928C-EC112826E345}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{67C5A17B-4402-4390-8208-E059D864BA09}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7023BDA6-F999-4016-9E1C-F29C6D1FD3BD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8DE8C8D4-094C-4137-A7ED-2F08E267B95B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{96961522-4B1A-447E-926C-5CCED6A85BA9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9CDD0CBD-7585-4044-AA58-5D171E1DFA0E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A6B327A3-11A9-4BC5-BB92-8097D957D64D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AD62EF34-CA57-4D10-A4AB-B84583366403}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B34914EB-CF59-4E92-84F7-4472F21F52C0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{BD81A0E9-0A45-4100-8425-072730E7A92F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D6CA2EDE-FB81-4831-83E1-B180C3761DDE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D6DE452B-BA6A-4B78-9B5E-89FC9D0CF225}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DA4BE86F-E202-41C8-87C6-729B2B7F576D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E6002599-CEDE-4C97-A9C9-91D4E63E23EE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0270342F-D3BC-4D9E-8C8C-FDF4AAA4EA0F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{09D4884A-08C8-4593-8669-B79E0B0F4022}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{0D46C66A-AE70-4125-9D32-77DE5043C1A6}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{10F5EDBE-68E5-45CA-A1D8-33D50B4E164B}" = dir=in | app=c:\program files (x86)\hp\quickplay\qpservice.exe |
"{16C0C732-C49E-48AA-9DCF-1DF6DEBF21D5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{360A31FC-3578-4AAF-BF99-3A89AE0D89B2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{399FFCE8-72A0-4CFD-A5C3-A46D2DDE5AB7}" = protocol=6 | dir=in | app=c:\program files (x86)\spybot - search & destroy\spybotsd.exe |
"{409F86B3-ACA8-4F46-913B-FB1734227B84}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{46F4B0D8-7B2B-4B8A-ACD0-A9D13F4F9A6C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{47A15724-C4E3-467B-B2AF-16A80011CAD6}" = dir=in | app=c:\program files (x86)\hp\quickplay\qp.exe |
"{50F11BA9-9C7A-43B8-A15F-577C499A43A4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{59592D98-0629-44CF-84E2-35DC70093C18}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5B629744-FC9D-4442-8A50-6F8AC8AE812D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{60B40ADA-AE43-42FB-9500-D32F6D680C02}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{63476D56-1C9F-4FE1-9D16-7150DD0EA93F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6C571737-2E95-4742-B4BB-B89C8090C6AE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{70C203EB-427D-4694-82D9-DBCEA9404635}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{729DFED6-5289-4B3C-B1C4-E5988EC4FF56}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{791CD8AB-04E1-475C-AD57-859A313055CA}" = protocol=6 | dir=out | app=system |
"{8040D595-DDDE-477D-BD24-6EED67FEA1F1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8363B9FA-B101-4079-A45C-2C8392DCEC75}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{8C3CDAD4-6EB0-41FC-93AD-7051B7A36092}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8D5B62B4-16BF-4F40-B0BE-273E974B860D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8D9262ED-17E7-497F-908C-DBC3F3440009}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9904CF86-8424-409E-90AE-CDC276EFA05D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{AB174EA2-28A1-4BD3-A1FC-0CB757677D26}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{B84A95D0-8F46-49B8-B477-52DEABBC0795}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{D4CAA979-BAA3-466F-8999-DA39E5B2A912}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{D64D58F8-E3C3-44E2-9323-42FA1645BB8E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D8801C2E-224E-43B5-A7A9-AB331DB27F0D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{F00D6EF6-C652-4B15-89FB-DB95C13AF723}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F0655097-0E0F-429F-BA78-3CA52D959673}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F3F5406A-2B05-456A-B4E3-08A81B570042}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F3F86580-653C-44D4-85B8-47F2B25A3868}" = protocol=17 | dir=in | app=c:\program files (x86)\spybot - search & destroy\spybotsd.exe |
"{F57EE2E1-ACC3-4F4E-87E8-165E23E7FCD9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F67854C2-B265-4506-98F6-1280E91ECB1B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"TCP Query User{BC7807B0-CC7A-4F5A-87FB-390FD6132DE7}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{9E64E41B-7CA0-43A3-8661-20ABCE7732C4}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1AD2F8FE-A357-4728-BDF8-B92D794CE793}" = HP QuickTouch 1.00 D2
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7401FCC8-5B1A-394B-F8AF-E5F01561FBB8}" = ccc-utility64
"{7A0D5844-6ED1-26E5-A646-C2D2867EDADC}" = ATI Catalyst Install Manager
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client for Internet Explorer 1.02.28
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{01B10898-0693-5E45-8C0B-CB4B0C2CB5C9}" = CCC Help Spanish
"{01E71682-7A62-31B6-2E19-82C4C2C410C3}" = CCC Help Korean
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{05F5ADF7-B9BF-E5AC-FDA4-C412C150763F}" = Catalyst Control Center Localization Greek
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0892BA56-B55A-EA45-74A7-C728BEFCEE4A}" = Catalyst Control Center Localization Norwegian
"{0BCE001B-D952-7242-1378-6B3188B7CDB6}" = Catalyst Control Center Localization Swedish
"{1061DF04-CF33-40B0-8360-D07C9BBEB122}" = HP Wireless Assistant
"{10C69612-017B-45F5-B986-7D113D5A2EA3}" = MSN Toolbar
"{111CE1DA-F2B6-B449-8BDC-BFA807EEF343}" = Catalyst Control Center Localization Thai
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1550A772-F3DF-9DCA-70E4-5BA5FEDBDDEE}" = CCC Help Norwegian
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{1B835521-00CB-B242-2072-DA41AE7E9F11}" = CCC Help Turkish
"{1DD26D8C-2B68-4945-9A3A-4EA6BF087D9F}" = Recipe Feeder Explorer Bar
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{246771C5-5589-C809-90A3-95D380CAEB0C}" = CCC Help Dutch
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{2ACA4FB1-A1DB-BACF-05D8-9F654ED1F6F9}" = CCC Help Danish
"{2EA45803-BEB7-46C4-9ADC-46A5F9E7BB77}" = GEAR driver installer for x86 and x64
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{335901DF-7FC7-76E9-AEFB-3BD15D5C1B8E}" = Catalyst Control Center Localization German
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D3
"{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1
"{37F36B08-76D1-58D0-0B62-C873B3F1E04A}" = Catalyst Control Center Graphics Full Existing
"{380357CA-29F4-4B3C-B401-32C057E6B59B}" = HP Smart Web Printing
"{38EAC694-0D90-445F-8C17-8B50ADFE3162}" = Slingbox Flash Tour
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FA93E4C-CB3B-4B25-B091-9DB0FCC56A74}" = Catalyst Control Center - Branding
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{43519E32-0AC9-ACBF-0AC9-000CEDEBCAFB}" = CCC Help Russian
"{440EE84D-A37A-E283-D538-0A4E94AC6243}" = Catalyst Control Center Localization Dutch
"{456B2B42-C082-8B6F-923C-2C8920ECF559}" = Catalyst Control Center Localization Czech
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{48382386-BA53-3B91-668C-DE3F4969C00C}" = ccc-core-static
"{49521D72-2856-C7B9-F54E-26B116606B0D}" = Catalyst Control Center Localization Hungarian
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{50C5DCCD-C82F-3D45-AAC8-1E094717FF9B}" = CCC Help Czech
"{5299C5E1-70F9-3D1D-A1FA-BDECA4EC8015}" = Google Talk Plugin
"{54F98E59-AC27-F6D6-8DF3-29E38BB1AFF9}" = Catalyst Control Center Localization Korean
"{57921C23-454B-1B45-6C32-B1A8BFC76875}" = Catalyst Control Center Localization French
"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2
"{5C9B4046-4B37-3595-7BAF-1FFF58F2BA88}" = Catalyst Control Center Core Implementation
"{61C2601F-D1F4-6CC3-858B-80A54A1C1360}" = CCC Help Greek
"{6517CFDF-B7A4-77B6-2371-C76608D3C976}" = Monopoly
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6E25BE3B-8E16-3A78-2BA7-1482A2D4743F}" = CCC Help English
"{6F26A541-E756-4C24-A36B-EFD3C6217EAF}" = CCC Help German
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7491471D-DA69-6E11-623D-F3BCAF65F922}" = CCC Help Italian
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F82D79D-81EF-DC6C-69FF-A45C282B1986}" = CCC Help Swedish
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{81ACE059-6894-21DE-E3AB-E8D6AF38B5C4}" = Catalyst Control Center Localization Portuguese
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{8572742E-08EA-FCEF-458A-4CE90851E804}" = Catalyst Control Center Localization Russian
"{86AE7C98-C72F-7F7D-D777-A76D850B7E3B}" = muvee Reveal
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{8F0CFF10-034C-EE7E-3B2D-8C7F117BB3A6}" = Catalyst Control Center Localization Finnish
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9075DF27-7C34-D2D5-4E66-970E0E99E320}" = Catalyst Control Center Graphics Light
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9858B284-0ACC-3EB1-BBF7-B0D1A5D0C2FD}" = CCC Help Japanese
"{99415487-2D5D-42ED-AAAF-E65970913AD5}" = superStyle corePack
"{9A85A260-CC99-8DA9-0D03-60C12BE82189}" = CCC Help Polish
"{9D6C29FF-850B-9425-7B34-B21526874121}" = Catalyst Control Center Graphics Previews Vista
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{9EBF6795-816C-06EB-BF29-06317FD5A730}" = Catalyst Control Center Localization Chinese Standard
"{9F2D3FB4-895E-A9F2-5B3A-118EDCE4E409}" = CCC Help Chinese Traditional
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2F6EEA0-DBCD-2389-BA8D-9A16DB60FAD8}" = Catalyst Control Center Graphics Full New
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5737DB-03C3-1526-F31E-D45A588D8459}" = Catalyst Control Center Localization Japanese
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADBFC909-D682-10E2-43C6-790F25FA3296}" = CCC Help Finnish
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B5DA1D7B-9494-A847-F185-EE4B8C48D905}" = CCC Help Hungarian
"{B8169E45-8E23-430B-91D1-EC64540C8ED0}" = HP User Guides 0103
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD2CC796-A584-9399-098A-2C2F291ABD1A}" = Catalyst Control Center Localization Spanish
"{C05A2E05-73A2-2672-7B82-59F3932AF6AD}" = CCC Help Thai
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C1C9D5E7-761D-817F-DBF2-1E77E20121BB}" = CCC Help Portuguese
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C39B346D-1E0D-CB23-CAC5-78CD5CBB495A}" = Catalyst Control Center Localization Italian
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C5E794F3-2EAC-CA94-79ED-1E3E3267F40B}" = CCC Help Chinese Standard
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C9690E1F-06A0-559B-37D2-B573DA95CA54}" = Catalyst Control Center Localization Danish
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CF217146-C889-3CB8-1490-07DA0DDB1318}" = CCC Help French
"{D68147A7-E42F-DA4B-209A-38CCC53702EC}" = Catalyst Control Center Localization Chinese Traditional
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{F215C430-0ED4-47D4-B42E-346B96923650}" = Mirar
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{F7D7E6EA-2B25-ABB1-0F4A-F39764C2D15B}" = Skins
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"{FAF0230B-8A11-8052-AFC9-5DB998020FD5}" = Catalyst Control Center Localization Polish
"{FC7C3B82-C7CB-125A-23FE-EE268799F5E3}" = Catalyst Control Center Localization Turkish
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"CCleaner" = CCleaner (remove only)
"DSMT6" = MathType 6
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Monopoly" = Monopoly (remove only)
"N360" = Norton 360
"Picasa 3" = Picasa 3
"Rainbow Sentinel Driver" = Sentinel System Driver
"RealPlayer 12.0" = RealPlayer
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"TBSB07183.TBSB07183Toolbar" = Fast Browser Search (My Web Tattoo)
"UnityWebPlayer" = Unity Web Player
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = HP Games
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-604219708-840033-878688825-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/18/2009 10:43:24 AM | Computer Name = Java | Source = WinMgmt | ID = 10
Description =

Error - 8/18/2009 10:43:42 AM | Computer Name = Java | Source = Application Error | ID = 1000
Description = Faulting application PCConfidential.exe, version 2008.4.0.17, time
stamp 0x47f23b14, faulting module WINUTIL5.DLL, version 2006.5.0.23, time stamp
0x449b122b, exception code 0xc0000005, fault offset 0x0005d18c, process id 0xfa4,
application start time 0x01ca201244442e9e.

Error - 8/18/2009 4:00:15 PM | Computer Name = Java | Source = WinMgmt | ID = 10
Description =

Error - 8/18/2009 4:01:46 PM | Computer Name = Java | Source = Application Error | ID = 1000
Description = Faulting application PCConfidential.exe, version 2008.4.0.17, time
stamp 0x47f23b14, faulting module WINUTIL5.DLL, version 2006.5.0.23, time stamp
0x449b122b, exception code 0xc0000005, fault offset 0x0005d18c, process id 0xc8c,
application start time 0x01ca203eb4579aef.

Error - 8/18/2009 8:46:35 PM | Computer Name = Java | Source = WinMgmt | ID = 10
Description =

Error - 8/18/2009 8:47:26 PM | Computer Name = Java | Source = Application Error | ID = 1000
Description = Faulting application PCConfidential.exe, version 2008.4.0.17, time
stamp 0x47f23b14, faulting module WINUTIL5.DLL, version 2006.5.0.23, time stamp
0x449b122b, exception code 0xc0000005, fault offset 0x0005d18c, process id 0xc10,
application start time 0x01ca20669bebfdbf.

Error - 8/18/2009 10:59:42 PM | Computer Name = Java | Source = EventSystem | ID = 4621
Description =

Error - 8/19/2009 7:02:00 AM | Computer Name = Java | Source = WinMgmt | ID = 10
Description =

Error - 8/19/2009 7:02:08 AM | Computer Name = Java | Source = Application Error | ID = 1000
Description = Faulting application PCConfidential.exe, version 2008.4.0.17, time
stamp 0x47f23b14, faulting module WINUTIL5.DLL, version 2006.5.0.23, time stamp
0x449b122b, exception code 0xc0000005, fault offset 0x0005d18c, process id 0xd30,
application start time 0x01ca20bc7cdb6532.

Error - 8/19/2009 8:09:22 AM | Computer Name = Java | Source = EventSystem | ID = 4621
Description =

[ Media Center Events ]
Error - 10/7/2009 6:16:19 PM | Computer Name = Java | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/7/2009 7:49:15 PM | Computer Name = Java | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 7/17/2009 1:01:21 PM | Computer Name = Java | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/21/2009 12:53:49 PM | Computer Name = Java | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/29/2009 10:02:49 PM | Computer Name = Java | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/11/2009 7:42:07 PM | Computer Name = Java | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/11/2009 7:42:27 PM | Computer Name = Java | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/18/2009 9:02:55 PM | Computer Name = Java | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/1/2009 8:59:02 PM | Computer Name = Java | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/5/2009 12:26:33 AM | Computer Name = Java | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/5/2009 12:37:07 AM | Computer Name = Java | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/28/2009 10:27:34 PM | Computer Name = Java | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3777
seconds with 1980 seconds of active time. This session ended with a crash.

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#9 myrti

bleepin' _temp_

Group: Malware Response Instructor
Posts: 26,080
Joined: 25-January 08
Gender:Female
Location:At home

Posted 12 January 2010 - 04:36 PM

Hi,

please run the following fix with OTL:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:otl
[2009/12/26 21:13:18 | 00,009,681 | ---- | M] () -- C:\Windows\SysWow64\29299zt-a5virus4dd.ocx
[2009/12/26 12:04:54 | 00,005,333 | ---- | M] () -- C:\Windows\SysWow64\15778not-a-v5zu93e9.ocx
[2009/12/26 06:34:47 | 00,005,735 | ---- | M] () -- C:\Windows\SysWow64\24806s9y7z05.dll
[2009/12/24 23:50:13 | 00,012,189 | ---- | M] () -- C:\Windows\SysWow64\219worz915.ocx
[2009/12/22 23:08:05 | 00,012,350 | ---- | M] () -- C:\Windows\SysWow64\56b6downzoade95167.ocx
[2009/12/22 15:08:01 | 00,015,860 | ---- | M] () -- C:\Windows\SysWow64\z74b9ir5460.exe
[2009/12/22 13:21:20 | 00,010,738 | ---- | M] () -- C:\Windows\SysWow64\8514s9yz4e.cpl
[2009/12/22 06:32:05 | 00,010,705 | ---- | M] () -- C:\Windows\SysWow64\7e47spywzr91455.cpl
[2009/12/22 04:40:24 | 00,010,741 | ---- | M] () -- C:\Windows\SysWow64\28829sz95bot43c.ocx
[2009/12/21 19:11:46 | 00,013,406 | ---- | M] () -- C:\Windows\SysWow64\226905iruz1f2.ocx
[2009/12/18 23:23:02 | 00,004,554 | ---- | M] () -- C:\Windows\SysWow64\4bb9viz15345.cpl
[2009/12/17 15:44:30 | 00,016,990 | ---- | M] () -- C:\Windows\SysWow64\896spa5sz500.dll
[2009/12/17 15:44:30 | 00,015,626 | ---- | M] () -- C:\Windows\SysWow64\5z03spamb9tff.ocx
[2009/12/17 15:44:30 | 00,014,671 | ---- | M] () -- C:\Windows\SysWow64\992ztro5597.bin
[2009/12/17 15:44:30 | 00,013,111 | ---- | M] () -- C:\Windows\SysWow64\5z7b9ownloa5er2850.dll
[2009/12/17 15:44:30 | 00,012,448 | ---- | M] () -- C:\Windows\SysWow64\29534wzr969c.cpl
[2009/12/17 15:44:30 | 00,011,959 | ---- | M] () -- C:\Windows\SysWow64\1947s5eaz3085.exe
[2009/12/17 15:44:30 | 00,004,332 | ---- | M] () -- C:\Windows\SysWow64\2d7esz59se1345.bin
[2009/12/17 15:44:30 | 00,002,522 | ---- | M] () -- C:\Windows\SysWow64\139z4not-a-vi5us124.bin
[2009/12/17 15:44:29 | 00,004,932 | ---- | M] () -- C:\Windows\SysWow64\7599zroj24c.ocx
[2009/12/17 15:44:25 | 00,017,898 | ---- | M] () -- C:\Windows\SysWow64\66a5szyware819.cpl
[2009/12/17 15:44:25 | 00,017,788 | ---- | M] () -- C:\Windows\SysWow64\403bthre5z1965.dll
[2009/12/17 15:44:25 | 00,017,710 | ---- | M] () -- C:\Windows\SysWow64\7d95spa9se1z335.bin
[2009/12/17 15:44:25 | 00,017,025 | ---- | M] () -- C:\Windows\SysWow64\24693not-z-vi5usdb.bin
[2009/12/17 15:44:25 | 00,016,779 | ---- | M] () -- C:\Windows\SysWow64\54762vzrus39c.ocx
[2009/12/17 15:44:25 | 00,016,512 | ---- | M] () -- C:\Windows\SysWow64\951adzwar51175.bin
[2009/12/17 15:44:25 | 00,015,312 | ---- | M] () -- C:\Windows\SysWow64\197775o9m3zc.exe
[2009/12/17 15:44:25 | 00,014,601 | ---- | M] () -- C:\Windows\SysWow64\23923spy5z0.bin
[2009/12/17 15:44:25 | 00,014,393 | ---- | M] () -- C:\Windows\SysWow64\4zd5backd5or9833.dll
[2009/12/17 15:44:25 | 00,013,156 | ---- | M] () -- C:\Windows\SysWow64\3235wzr95b1.bin
[2009/12/17 15:44:25 | 00,012,582 | ---- | M] () -- C:\Windows\SysWow64\55c9ste9l557z.ocx
[2009/12/17 15:44:25 | 00,012,190 | ---- | M] () -- C:\Windows\SysWow64\4d76spyz9re23935.cpl
[2009/12/17 15:44:25 | 00,011,828 | ---- | M] () -- C:\Windows\SysWow64\3515b9ckdoor20z6.dll
[2009/12/17 15:44:25 | 00,011,015 | ---- | M] () -- C:\Windows\SysWow64\z943spambot6775.bin
[2009/12/17 15:44:25 | 00,010,989 | ---- | M] () -- C:\Windows\SysWow64\163ctzrea915299.bin
[2009/12/17 15:44:25 | 00,010,935 | ---- | M] () -- C:\Windows\SysWow64\zd17st5al697.exe
[2009/12/17 15:44:25 | 00,009,887 | ---- | M] () -- C:\Windows\SysWow64\56fv9rz995.exe
[2009/12/17 15:44:25 | 00,009,156 | ---- | M] () -- C:\Windows\SysWow64\3069ddwarz5720.ocx
[2009/12/17 15:44:25 | 00,007,818 | ---- | M] () -- C:\Windows\SysWow64\a4z5ir3297.dll
[2009/12/17 15:44:25 | 00,006,398 | ---- | M] () -- C:\Windows\SysWow64\55z99teal105.ocx
[2009/12/17 15:44:25 | 00,005,654 | ---- | M] () -- C:\Windows\SysWow64\294bdzwn5oader1129.bin
[2009/12/17 15:44:25 | 00,005,642 | ---- | M] () -- C:\Windows\SysWow64\269bba5zdoor3164.bin
[2009/12/17 15:44:25 | 00,004,592 | ---- | M] () -- C:\Windows\SysWow64\28551s9amzot19f.bin
[2009/12/17 15:44:25 | 00,004,160 | ---- | M] () -- C:\Windows\SysWow64\19z77wor5393.ocx
[2009/12/17 15:44:25 | 00,003,640 | ---- | M] () -- C:\Windows\SysWow64\2z66sp51119.dll
[2009/12/17 15:44:25 | 00,003,184 | ---- | M] () -- C:\Windows\SysWow64\zf29vi92158.exe
[2009/12/17 15:44:25 | 00,003,094 | ---- | M] () -- C:\Windows\SysWow64\21538n5tza9virus573.ocx
[2009/12/17 15:44:25 | 00,002,884 | ---- | M] () -- C:\Windows\SysWow64\15535zrojb9.dll
[2009/12/17 15:44:24 | 00,018,229 | ---- | M] () -- C:\Windows\SysWow64\cbz95ief1816.cpl
[2009/12/17 15:44:24 | 00,017,549 | ---- | M] () -- C:\Windows\SysWow64\5956thie91z92.cpl
[2009/12/17 15:44:24 | 00,016,891 | ---- | M] () -- C:\Windows\SysWow64\18z53not-a-5i9us7a8.cpl
[2009/12/17 15:44:24 | 00,015,961 | ---- | M] () -- C:\Windows\SysWow64\z1951wo5mb6.exe
[2009/12/17 15:44:24 | 00,015,408 | ---- | M] () -- C:\Windows\SysWow64\7fezs9yware765.cpl
[2009/12/17 15:44:24 | 00,014,604 | ---- | M] () -- C:\Windows\SysWow64\51d9downloader15z1.bin
[2009/12/17 15:44:24 | 00,014,549 | ---- | M] () -- C:\Windows\SysWow64\5d6zdo9nloader2705.cpl
[2009/12/17 15:44:24 | 00,014,083 | ---- | M] () -- C:\Windows\SysWow64\3954zro95ee.cpl
[2009/12/17 15:44:24 | 00,008,824 | ---- | M] () -- C:\Windows\SysWow64\59085zy546.exe
[2009/12/17 15:44:24 | 00,008,245 | ---- | M] () -- C:\Windows\SysWow64\5z19spy215.ocx
[2009/12/17 15:44:24 | 00,006,996 | ---- | M] () -- C:\Windows\SysWow64\8bzs9ar5e2011.exe
[2009/12/17 15:44:24 | 00,006,714 | ---- | M] () -- C:\Windows\SysWow64\7957s9y2z95.exe
[2009/12/17 15:44:24 | 00,004,336 | ---- | M] () -- C:\Windows\SysWow64\204spambot15z9.dll
[2009/12/17 15:44:24 | 00,004,334 | ---- | M] () -- C:\Windows\SysWow64\2z9faddware2565.bin
[2009/12/17 15:44:24 | 00,003,426 | ---- | M] () -- C:\Windows\SysWow64\93bbzir2555.bin
[2009/12/17 15:44:23 | 00,009,399 | ---- | M] () -- C:\Windows\SysWow64\760zspam9ot53e.cpl
[2009/12/17 15:44:23 | 00,004,294 | ---- | M] () -- C:\Windows\SysWow64\z2369py115.ocx
[2009/12/17 15:44:23 | 00,003,129 | ---- | M] () -- C:\Windows\SysWow64\56fbthi9fz1275.dll
[2009/12/17 15:44:23 | 00,002,959 | ---- | M] () -- C:\Windows\SysWow64\3095t5o9z09.exe
[2009/12/17 15:43:47 | 00,040,448 | ---- | M] () -- C:\Windows\SysWow64\00032290.exe
[2009/12/17 15:43:47 | 00,040,448 | ---- | M] () -- C:\Windows\SysWow64\00031f7b.exe
[2009/12/17 15:43:47 | 00,040,448 | ---- | M] () -- C:\Windows\SysWow64\00031e5c.exe
[2009/12/17 15:43:47 | 00,040,448 | ---- | M] () -- C:\Windows\SysWow64\00031bfa.exe
[2009/12/17 15:43:47 | 00,040,448 | ---- | M] () -- C:\Windows\SysWow64\00031a00.exe
[2009/12/17 15:43:47 | 00,040,448 | ---- | M] () -- C:\Windows\SysWow64\000319ad.exe
[2009/12/17 15:43:47 | 00,040,448 | ---- | M] () -- C:\Windows\SysWow64\0003190c.exe
[2009/12/17 15:43:47 | 00,040,448 | ---- | M] () -- C:\Windows\SysWow64\0003164a.exe
[2009/12/17 15:43:47 | 00,040,448 | ---- | M] () -- C:\Windows\SysWow64\0003146d.exe
[2009/12/17 15:43:47 | 00,040,448 | ---- | M] () -- C:\Windows\SysWow64\0003142d.exe
[2009/12/17 15:43:47 | 00,040,448 | ---- | M] () -- C:\Windows\SysWow64\000313ec.exe
[2009/12/17 15:43:47 | 00,040,448 | ---- | M] () -- C:\Windows\SysWow64\00030e72.exe
[2009/12/17 11:54:26 | 00,006,140 | ---- | M] () -- C:\Windows\SysWow64\13651t9ojzac.exe
[2009/12/26 21:13:18 | 00,009,681 | ---- | C] () -- C:\Windows\SysWow64\29299zt-a5virus4dd.ocx
[2009/12/26 12:04:54 | 00,005,333 | ---- | C] () -- C:\Windows\SysWow64\15778not-a-v5zu93e9.ocx
[2009/12/26 06:34:47 | 00,005,735 | ---- | C] () -- C:\Windows\SysWow64\24806s9y7z05.dll
[2009/12/24 23:50:13 | 00,012,189 | ---- | C] () -- C:\Windows\SysWow64\219worz915.ocx
[2009/12/24 03:11:51 | 00,040,448 | ---- | C] () -- C:\Windows\SysWow64\00032290.exe
[2009/12/24 03:11:50 | 00,040,448 | ---- | C] () -- C:\Windows\SysWow64\00031f7b.exe
[2009/12/24 03:11:50 | 00,040,448 | ---- | C] () -- C:\Windows\SysWow64\00031e5c.exe
[2009/12/24 03:11:50 | 00,040,448 | ---- | C] () -- C:\Windows\SysWow64\000319ad.exe
[2009/12/24 03:11:50 | 00,040,448 | ---- | C] () -- C:\Windows\SysWow64\0003190c.exe
[2009/12/24 03:11:50 | 00,040,448 | ---- | C] () -- C:\Windows\SysWow64\0003164a.exe
[2009/12/24 03:11:49 | 00,040,448 | ---- | C] () -- C:\Windows\SysWow64\00031bfa.exe
[2009/12/24 03:11:49 | 00,040,448 | ---- | C] () -- C:\Windows\SysWow64\0003146d.exe
[2009/12/24 03:11:49 | 00,040,448 | ---- | C] () -- C:\Windows\SysWow64\0003142d.exe
[2009/12/24 03:11:48 | 00,040,448 | ---- | C] () -- C:\Windows\SysWow64\00031a00.exe
[2009/12/24 03:11:48 | 00,040,448 | ---- | C] () -- C:\Windows\SysWow64\000313ec.exe
[2009/12/24 03:11:48 | 00,040,448 | ---- | C] () -- C:\Windows\SysWow64\00030e72.exe
[2009/12/22 23:08:05 | 00,012,350 | ---- | C] () -- C:\Windows\SysWow64\56b6downzoade95167.ocx
[2009/12/22 15:08:01 | 00,015,860 | ---- | C] () -- C:\Windows\SysWow64\z74b9ir5460.exe
[2009/12/22 13:21:20 | 00,010,738 | ---- | C] () -- C:\Windows\SysWow64\8514s9yz4e.cpl
[2009/12/22 06:32:05 | 00,010,705 | ---- | C] () -- C:\Windows\SysWow64\7e47spywzr91455.cpl
[2009/12/22 04:40:24 | 00,010,741 | ---- | C] () -- C:\Windows\SysWow64\28829sz95bot43c.ocx
[2009/12/21 19:11:46 | 00,013,406 | ---- | C] () -- C:\Windows\SysWow64\226905iruz1f2.ocx
[2009/12/18 23:23:02 | 00,004,554 | ---- | C] () -- C:\Windows\SysWow64\4bb9viz15345.cpl
[2009/12/17 15:44:30 | 00,016,990 | ---- | C] () -- C:\Windows\SysWow64\896spa5sz500.dll
[2009/12/17 15:44:30 | 00,015,626 | ---- | C] () -- C:\Windows\SysWow64\5z03spamb9tff.ocx
[2009/12/17 15:44:30 | 00,014,671 | ---- | C] () -- C:\Windows\SysWow64\992ztro5597.bin
[2009/12/17 15:44:30 | 00,013,111 | ---- | C] () -- C:\Windows\SysWow64\5z7b9ownloa5er2850.dll
[2009/12/17 15:44:30 | 00,012,448 | ---- | C] () -- C:\Windows\SysWow64\29534wzr969c.cpl
[2009/12/17 15:44:30 | 00,011,959 | ---- | C] () -- C:\Windows\SysWow64\1947s5eaz3085.exe
[2009/12/17 15:44:30 | 00,004,332 | ---- | C] () -- C:\Windows\SysWow64\2d7esz59se1345.bin
[2009/12/17 15:44:30 | 00,002,522 | ---- | C] () -- C:\Windows\SysWow64\139z4not-a-vi5us124.bin
[2009/12/17 15:44:29 | 00,004,932 | ---- | C] () -- C:\Windows\SysWow64\7599zroj24c.ocx
[2009/12/17 15:44:25 | 00,017,898 | ---- | C] () -- C:\Windows\SysWow64\66a5szyware819.cpl
[2009/12/17 15:44:25 | 00,017,788 | ---- | C] () -- C:\Windows\SysWow64\403bthre5z1965.dll
[2009/12/17 15:44:25 | 00,017,710 | ---- | C] () -- C:\Windows\SysWow64\7d95spa9se1z335.bin
[2009/12/17 15:44:25 | 00,017,025 | ---- | C] () -- C:\Windows\SysWow64\24693not-z-vi5usdb.bin
[2009/12/17 15:44:25 | 00,016,779 | ---- | C] () -- C:\Windows\SysWow64\54762vzrus39c.ocx
[2009/12/17 15:44:25 | 00,016,512 | ---- | C] () -- C:\Windows\SysWow64\951adzwar51175.bin
[2009/12/17 15:44:25 | 00,015,312 | ---- | C] () -- C:\Windows\SysWow64\197775o9m3zc.exe
[2009/12/17 15:44:25 | 00,014,601 | ---- | C] () -- C:\Windows\SysWow64\23923spy5z0.bin
[2009/12/17 15:44:25 | 00,014,393 | ---- | C] () -- C:\Windows\SysWow64\4zd5backd5or9833.dll
[2009/12/17 15:44:25 | 00,013,156 | ---- | C] () -- C:\Windows\SysWow64\3235wzr95b1.bin
[2009/12/17 15:44:25 | 00,012,582 | ---- | C] () -- C:\Windows\SysWow64\55c9ste9l557z.ocx
[2009/12/17 15:44:25 | 00,012,190 | ---- | C] () -- C:\Windows\SysWow64\4d76spyz9re23935.cpl
[2009/12/17 15:44:25 | 00,011,828 | ---- | C] () -- C:\Windows\SysWow64\3515b9ckdoor20z6.dll
[2009/12/17 15:44:25 | 00,011,015 | ---- | C] () -- C:\Windows\SysWow64\z943spambot6775.bin
[2009/12/17 15:44:25 | 00,010,989 | ---- | C] () -- C:\Windows\SysWow64\163ctzrea915299.bin
[2009/12/17 15:44:25 | 00,010,935 | ---- | C] () -- C:\Windows\SysWow64\zd17st5al697.exe
[2009/12/17 15:44:25 | 00,009,887 | ---- | C] () -- C:\Windows\SysWow64\56fv9rz995.exe
[2009/12/17 15:44:25 | 00,009,156 | ---- | C] () -- C:\Windows\SysWow64\3069ddwarz5720.ocx
[2009/12/17 15:44:25 | 00,007,818 | ---- | C] () -- C:\Windows\SysWow64\a4z5ir3297.dll
[2009/12/17 15:44:25 | 00,006,398 | ---- | C] () -- C:\Windows\SysWow64\55z99teal105.ocx
[2009/12/17 15:44:25 | 00,005,654 | ---- | C] () -- C:\Windows\SysWow64\294bdzwn5oader1129.bin
[2009/12/17 15:44:25 | 00,005,642 | ---- | C] () -- C:\Windows\SysWow64\269bba5zdoor3164.bin
[2009/12/17 15:44:25 | 00,004,592 | ---- | C] () -- C:\Windows\SysWow64\28551s9amzot19f.bin
[2009/12/17 15:44:25 | 00,004,160 | ---- | C] () -- C:\Windows\SysWow64\19z77wor5393.ocx
[2009/12/17 15:44:25 | 00,003,640 | ---- | C] () -- C:\Windows\SysWow64\2z66sp51119.dll
[2009/12/17 15:44:25 | 00,003,184 | ---- | C] () -- C:\Windows\SysWow64\zf29vi92158.exe
[2009/12/17 15:44:25 | 00,003,094 | ---- | C] () -- C:\Windows\SysWow64\21538n5tza9virus573.ocx
[2009/12/17 15:44:25 | 00,002,884 | ---- | C] () -- C:\Windows\SysWow64\15535zrojb9.dll
[2009/12/17 15:44:24 | 00,018,229 | ---- | C] () -- C:\Windows\SysWow64\cbz95ief1816.cpl
[2009/12/17 15:44:24 | 00,017,549 | ---- | C] () -- C:\Windows\SysWow64\5956thie91z92.cpl
[2009/12/17 15:44:24 | 00,016,891 | ---- | C] () -- C:\Windows\SysWow64\18z53not-a-5i9us7a8.cpl
[2009/12/17 15:44:24 | 00,015,961 | ---- | C] () -- C:\Windows\SysWow64\z1951wo5mb6.exe
[2009/12/17 15:44:24 | 00,015,408 | ---- | C] () -- C:\Windows\SysWow64\7fezs9yware765.cpl
[2009/12/17 15:44:24 | 00,014,604 | ---- | C] () -- C:\Windows\SysWow64\51d9downloader15z1.bin
[2009/12/17 15:44:24 | 00,014,549 | ---- | C] () -- C:\Windows\SysWow64\5d6zdo9nloader2705.cpl
[2009/12/17 15:44:24 | 00,014,083 | ---- | C] () -- C:\Windows\SysWow64\3954zro95ee.cpl
[2009/12/17 15:44:24 | 00,008,824 | ---- | C] () -- C:\Windows\SysWow64\59085zy546.exe
[2009/12/17 15:44:24 | 00,008,245 | ---- | C] () -- C:\Windows\SysWow64\5z19spy215.ocx
[2009/12/17 15:44:24 | 00,006,996 | ---- | C] () -- C:\Windows\SysWow64\8bzs9ar5e2011.exe
[2009/12/17 15:44:24 | 00,006,714 | ---- | C] () -- C:\Windows\SysWow64\7957s9y2z95.exe
[2009/12/17 15:44:24 | 00,004,336 | ---- | C] () -- C:\Windows\SysWow64\204spambot15z9.dll
[2009/12/17 15:44:24 | 00,004,334 | ---- | C] () -- C:\Windows\SysWow64\2z9faddware2565.bin
[2009/12/17 15:44:24 | 00,003,426 | ---- | C] () -- C:\Windows\SysWow64\93bbzir2555.bin
[2009/12/17 15:44:23 | 00,009,399 | ---- | C] () -- C:\Windows\SysWow64\760zspam9ot53e.cpl
[2009/12/17 15:44:23 | 00,004,294 | ---- | C] () -- C:\Windows\SysWow64\z2369py115.ocx
[2009/12/17 15:44:23 | 00,003,129 | ---- | C] () -- C:\Windows\SysWow64\56fbthi9fz1275.dll
[2009/12/17 15:44:23 | 00,002,959 | ---- | C] () -- C:\Windows\SysWow64\3095t5o9z09.exe
[2009/12/17 11:54:26 | 00,006,140 | ---- | C] () -- C:\Windows\SysWow64\13651t9ojzac.exe
[2009/11/27 01:12:00 | 00,003,280 | ---- | C] () -- C:\Windows\SysWow64\75z9ste5l2158.dll
[2009/11/25 14:17:40 | 00,005,599 | ---- | C] () -- C:\Windows\SysWow64\29629pamzot6085.dll
[2009/11/24 11:07:23 | 00,014,169 | ---- | C] () -- C:\Windows\SysWow64\14119worz595.dll
[2009/11/19 16:30:46 | 00,015,177 | ---- | C] () -- C:\Windows\SysWow64\8855pam9ztda.dll
[2009/10/23 12:11:53 | 00,010,934 | ---- | C] () -- C:\Windows\SysWow64\7934steaz596.dll
[2009/10/17 12:53:33 | 00,014,743 | ---- | C] () -- C:\Windows\SysWow64\435fvi93z50.dll
[2009/10/17 04:12:17 | 00,005,818 | ---- | C] () -- C:\Windows\SysWow64\29673notza-virus2b95.dll
[2009/10/12 02:48:15 | 00,007,059 | ---- | C] () -- C:\Windows\SysWow64\a9f5owzloader2601.dll
[2009/09/12 08:33:58 | 00,006,890 | ---- | C] () -- C:\Windows\SysWow64\11540spz395.dll
[2009/09/06 20:37:02 | 00,014,959 | ---- | C] () -- C:\Windows\SysWow64\6fd5s95waze2629.dll
[2009/08/22 23:50:28 | 00,008,804 | ---- | C] () -- C:\Windows\SysWow64\9585zpy635.dll
[2009/08/16 07:07:31 | 00,003,698 | ---- | C] () -- C:\Windows\SysWow64\8z7spa5bot5a79.dll
[2009/08/11 09:21:23 | 00,017,146 | ---- | C] () -- C:\Windows\SysWow64\1095szyw5re5859.dll
[2009/07/24 21:56:43 | 00,010,184 | ---- | C] () -- C:\Windows\SysWow64\9785troj61z.dll
[2009/07/13 08:51:55 | 00,016,042 | ---- | C] () -- C:\Windows\SysWow64\7865s9arze1267.dll
[2009/06/23 13:36:55 | 00,011,493 | ---- | C] () -- C:\Windows\SysWow64\6e19ba5kdozr2934.dll
[2009/06/20 08:15:01 | 00,016,529 | ---- | C] () -- C:\Windows\SysWow64\5d40vzr199.dll
[2009/05/25 20:01:15 | 00,010,711 | ---- | C] () -- C:\Windows\SysWow64\22219vi9zs5cd.dll
[2009/05/15 06:41:41 | 00,015,744 | ---- | C] () -- C:\Windows\SysWow64\2a20zac9door26635.dll
[2009/05/11 03:13:20 | 00,007,839 | ---- | C] () -- C:\Windows\SysWow64\5901sparze9676.dll
[2009/04/12 19:41:33 | 00,006,606 | ---- | C] () -- C:\Windows\SysWow64\z57559acktool61e.dll
[2009/04/11 10:40:02 | 00,002,903 | ---- | C] () -- C:\Windows\SysWow64\15z56hac9too5602.dll
[2009/02/16 13:01:02 | 00,003,189 | ---- | C] () -- C:\Windows\SysWow64\12895tea919z7.dll
[2009/02/09 19:20:47 | 00,017,245 | ---- | C] () -- C:\Windows\SysWow64\933855acztool618.dll
[2009/01/21 08:03:24 | 00,012,771 | ---- | C] () -- C:\Windows\SysWow64\z7823hac59ool6aa.dll
[2009/01/12 09:19:50 | 00,007,565 | ---- | C] () -- C:\Windows\SysWow64\14454sz5297.dll
[2009/01/01 18:36:00 | 00,002,925 | ---- | C] () -- C:\Windows\SysWow64\16z5spy696.dll
[2008/12/13 19:28:09 | 00,012,658 | ---- | C] () -- C:\Windows\SysWow64\3209zvi5us30.dll
[2008/12/06 18:57:19 | 00,009,969 | ---- | C] () -- C:\Windows\SysWow64\19z91hack5ool5ef.dll
[2008/11/19 21:42:15 | 00,011,951 | ---- | C] () -- C:\Windows\SysWow64\15985not-a-virus272z.dll
[2008/11/08 09:26:23 | 00,006,976 | ---- | C] () -- C:\Windows\SysWow64\45c9sparsz1738.dll
[2008/10/27 12:32:40 | 00,010,991 | ---- | C] () -- C:\Windows\SysWow64\z65a9dware2335.dll
[2008/10/22 22:13:28 | 00,014,016 | ---- | C] () -- C:\Windows\SysWow64\z8732s5y5c9.dll
[2008/10/14 11:00:14 | 00,004,494 | ---- | C] () -- C:\Windows\SysWow64\7z25spywa9e393.dll
[2008/09/05 08:23:53 | 00,006,990 | ---- | C] () -- C:\Windows\SysWow64\98227spz5botc3.dll
[2008/08/19 00:27:40 | 00,011,851 | ---- | C] () -- C:\Windows\SysWow64\709ethre9t1135z.dll
[2008/08/15 01:56:13 | 00,017,669 | ---- | C] () -- C:\Windows\SysWow64\285z49py150.dll
[2008/08/08 04:37:17 | 00,015,426 | ---- | C] () -- C:\Windows\SysWow64\519tr95z40.dll
[2008/08/07 16:41:34 | 00,016,129 | ---- | C] () -- C:\Windows\SysWow64\5a99s9zrse2050.dll
[2008/08/06 00:32:43 | 00,009,357 | ---- | C] () -- C:\Windows\SysWow64\5z349sp9108.dll
[2008/08/03 00:35:50 | 00,011,143 | ---- | C] () -- C:\Windows\SysWow64\218z7viru5639.dll
[2008/07/28 12:50:42 | 00,012,557 | ---- | C] () -- C:\Windows\SysWow64\3z507s5a9bot792.dll
[2008/07/20 09:39:12 | 00,002,674 | ---- | C] () -- C:\Windows\SysWow64\2574szamb9t5.dll
[2008/07/05 19:08:26 | 00,003,347 | ---- | C] () -- C:\Windows\SysWow64\49z95ackdoor3224.dll
[2008/06/28 11:43:21 | 00,003,405 | ---- | C] () -- C:\Windows\SysWow64\c95thzef1752.dll
[2008/06/27 09:07:03 | 00,010,393 | ---- | C] () -- C:\Windows\SysWow64\15959s5y1z6.dll
[2008/06/21 02:05:05 | 00,018,171 | ---- | C] () -- C:\Windows\SysWow64\4121hacktoz95bb5.dll
[2008/06/17 04:21:27 | 00,018,096 | ---- | C] () -- C:\Windows\SysWow64\1091zs9y452.dll
[2008/06/16 12:24:36 | 00,014,709 | ---- | C] () -- C:\Windows\SysWow64\75b5zp5ware2289.dll
[2008/06/16 08:54:33 | 00,002,967 | ---- | C] () -- C:\Windows\SysWow64\76a9v9r3z52.dll
[2008/06/06 05:43:29 | 00,008,078 | ---- | C] () -- C:\Windows\SysWow64\29a5th9ef133z.dll
[2008/06/01 21:09:46 | 00,015,115 | ---- | C] () -- C:\Windows\SysWow64\1z917virus5925.dll
[2008/06/01 11:41:44 | 00,002,655 | ---- | C] () -- C:\Windows\SysWow64\140abacz95or2391.dll
[2008/05/01 04:37:50 | 00,017,296 | ---- | C] () -- C:\Windows\SysWow64\289z4not-9-virus5f.dll
[2008/04/25 19:18:56 | 00,018,396 | ---- | C] () -- C:\Windows\SysWow64\6957tzoj53d9.dll
[2008/04/23 04:26:45 | 00,012,751 | ---- | C] () -- C:\Windows\SysWow64\65c9spyzare1072.dll
[2008/04/14 03:58:29 | 00,013,218 | ---- | C] () -- C:\Windows\SysWow64\13bcaddwaze2954.dll
[2008/04/12 19:54:25 | 00,008,125 | ---- | C] () -- C:\Windows\SysWow64\25z39not-a-virus724.dll
[2008/04/05 19:44:14 | 00,017,020 | ---- | C] () -- C:\Windows\SysWow64\6013threat19515z.dll
[2008/03/24 04:40:24 | 00,008,297 | ---- | C] () -- C:\Windows\SysWow64\5cc69hreaz52772.dll
[2008/03/20 20:16:36 | 00,010,397 | ---- | C] () -- C:\Windows\SysWow64\3985addwarez305.dll
[2008/03/18 14:09:32 | 00,006,636 | ---- | C] () -- C:\Windows\SysWow64\17995hacktool20z.dll
[2008/03/13 03:33:13 | 00,009,908 | ---- | C] () -- C:\Windows\SysWow64\4b89ste9l305z.dll
[2008/02/20 21:42:36 | 00,003,125 | ---- | C] () -- C:\Windows\SysWow64\57z7th9eat22967.dll
[2008/01/25 02:48:32 | 00,015,802 | ---- | C] () -- C:\Windows\SysWow64\50zbst95l1555.dll
:commands
[emptytemp]

Then click the Run Fix button at the top
Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

================================Follow up scan=================================

Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open one notepad window. OTListIt.Txt a This is saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

regards myrti

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!

#10 jrosen19

Member

Group: Members
Posts: 28
Joined: 29-December 09

Posted 12 January 2010 - 05:19 PM

All processes killed
========== OTL ==========
C:\Windows\SysWOW64\29299zt-a5virus4dd.ocx moved successfully.
C:\Windows\SysWOW64\15778not-a-v5zu93e9.ocx moved successfully.
C:\Windows\SysWOW64\24806s9y7z05.dll moved successfully.
C:\Windows\SysWOW64\219worz915.ocx moved successfully.
C:\Windows\SysWOW64\56b6downzoade95167.ocx moved successfully.
C:\Windows\SysWOW64\z74b9ir5460.exe moved successfully.
C:\Windows\SysWOW64\8514s9yz4e.cpl moved successfully.
C:\Windows\SysWOW64\7e47spywzr91455.cpl moved successfully.
C:\Windows\SysWOW64\28829sz95bot43c.ocx moved successfully.
C:\Windows\SysWOW64\226905iruz1f2.ocx moved successfully.
C:\Windows\SysWOW64\4bb9viz15345.cpl moved successfully.
C:\Windows\SysWOW64\896spa5sz500.dll moved successfully.
C:\Windows\SysWOW64\5z03spamb9tff.ocx moved successfully.
C:\Windows\SysWOW64\992ztro5597.bin moved successfully.
C:\Windows\SysWOW64\5z7b9ownloa5er2850.dll moved successfully.
C:\Windows\SysWOW64\29534wzr969c.cpl moved successfully.
C:\Windows\SysWOW64\1947s5eaz3085.exe moved successfully.
C:\Windows\SysWOW64\2d7esz59se1345.bin moved successfully.
C:\Windows\SysWOW64\139z4not-a-vi5us124.bin moved successfully.
C:\Windows\SysWOW64\7599zroj24c.ocx moved successfully.
C:\Windows\SysWOW64\66a5szyware819.cpl moved successfully.
C:\Windows\SysWOW64\403bthre5z1965.dll moved successfully.
C:\Windows\SysWOW64\7d95spa9se1z335.bin moved successfully.
C:\Windows\SysWOW64\24693not-z-vi5usdb.bin moved successfully.
C:\Windows\SysWOW64\54762vzrus39c.ocx moved successfully.
C:\Windows\SysWOW64\951adzwar51175.bin moved successfully.
C:\Windows\SysWOW64\197775o9m3zc.exe moved successfully.
C:\Windows\SysWOW64\23923spy5z0.bin moved successfully.
C:\Windows\SysWOW64\4zd5backd5or9833.dll moved successfully.
C:\Windows\SysWOW64\3235wzr95b1.bin moved successfully.
C:\Windows\SysWOW64\55c9ste9l557z.ocx moved successfully.
C:\Windows\SysWOW64\4d76spyz9re23935.cpl moved successfully.
C:\Windows\SysWOW64\3515b9ckdoor20z6.dll moved successfully.
C:\Windows\SysWOW64\z943spambot6775.bin moved successfully.
C:\Windows\SysWOW64\163ctzrea915299.bin moved successfully.
C:\Windows\SysWOW64\zd17st5al697.exe moved successfully.
C:\Windows\SysWOW64\56fv9rz995.exe moved successfully.
C:\Windows\SysWOW64\3069ddwarz5720.ocx moved successfully.
C:\Windows\SysWOW64\a4z5ir3297.dll moved successfully.
C:\Windows\SysWOW64\55z99teal105.ocx moved successfully.
C:\Windows\SysWOW64\294bdzwn5oader1129.bin moved successfully.
C:\Windows\SysWOW64\269bba5zdoor3164.bin moved successfully.
C:\Windows\SysWOW64\28551s9amzot19f.bin moved successfully.
C:\Windows\SysWOW64\19z77wor5393.ocx moved successfully.
C:\Windows\SysWOW64\2z66sp51119.dll moved successfully.
C:\Windows\SysWOW64\zf29vi92158.exe moved successfully.
C:\Windows\SysWOW64\21538n5tza9virus573.ocx moved successfully.
C:\Windows\SysWOW64\15535zrojb9.dll moved successfully.
C:\Windows\SysWOW64\cbz95ief1816.cpl moved successfully.
C:\Windows\SysWOW64\5956thie91z92.cpl moved successfully.
C:\Windows\SysWOW64\18z53not-a-5i9us7a8.cpl moved successfully.
C:\Windows\SysWOW64\z1951wo5mb6.exe moved successfully.
C:\Windows\SysWOW64\7fezs9yware765.cpl moved successfully.
C:\Windows\SysWOW64\51d9downloader15z1.bin moved successfully.
C:\Windows\SysWOW64\5d6zdo9nloader2705.cpl moved successfully.
C:\Windows\SysWOW64\3954zro95ee.cpl moved successfully.
C:\Windows\SysWOW64\59085zy546.exe moved successfully.
C:\Windows\SysWOW64\5z19spy215.ocx moved successfully.
C:\Windows\SysWOW64\8bzs9ar5e2011.exe moved successfully.
C:\Windows\SysWOW64\7957s9y2z95.exe moved successfully.
C:\Windows\SysWOW64\204spambot15z9.dll moved successfully.
C:\Windows\SysWOW64\2z9faddware2565.bin moved successfully.
C:\Windows\SysWOW64\93bbzir2555.bin moved successfully.
C:\Windows\SysWOW64\760zspam9ot53e.cpl moved successfully.
C:\Windows\SysWOW64\z2369py115.ocx moved successfully.
C:\Windows\SysWOW64\56fbthi9fz1275.dll moved successfully.
C:\Windows\SysWOW64\3095t5o9z09.exe moved successfully.
C:\Windows\SysWOW64\00032290.exe moved successfully.
C:\Windows\SysWOW64\00031f7b.exe moved successfully.
C:\Windows\SysWOW64\00031e5c.exe moved successfully.
C:\Windows\SysWOW64\00031bfa.exe moved successfully.
C:\Windows\SysWOW64\00031a00.exe moved successfully.
C:\Windows\SysWOW64\000319ad.exe moved successfully.
C:\Windows\SysWOW64\0003190c.exe moved successfully.
C:\Windows\SysWOW64\0003164a.exe moved successfully.
C:\Windows\SysWOW64\0003146d.exe moved successfully.
C:\Windows\SysWOW64\0003142d.exe moved successfully.
C:\Windows\SysWOW64\000313ec.exe moved successfully.
C:\Windows\SysWOW64\00030e72.exe moved successfully.
C:\Windows\SysWOW64\13651t9ojzac.exe moved successfully.
File C:\Windows\SysWow64\29299zt-a5virus4dd.ocx not found.
File C:\Windows\SysWow64\15778not-a-v5zu93e9.ocx not found.
File C:\Windows\SysWow64\24806s9y7z05.dll not found.
File C:\Windows\SysWow64\219worz915.ocx not found.
File C:\Windows\SysWow64\00032290.exe not found.
File C:\Windows\SysWow64\00031f7b.exe not found.
File C:\Windows\SysWow64\00031e5c.exe not found.
File C:\Windows\SysWow64\000319ad.exe not found.
File C:\Windows\SysWow64\0003190c.exe not found.
File C:\Windows\SysWow64\0003164a.exe not found.
File C:\Windows\SysWow64\00031bfa.exe not found.
File C:\Windows\SysWow64\0003146d.exe not found.
File C:\Windows\SysWow64\0003142d.exe not found.
File C:\Windows\SysWow64\00031a00.exe not found.
File C:\Windows\SysWow64\000313ec.exe not found.
File C:\Windows\SysWow64\00030e72.exe not found.
File C:\Windows\SysWow64\56b6downzoade95167.ocx not found.
File C:\Windows\SysWow64\z74b9ir5460.exe not found.
File C:\Windows\SysWow64\8514s9yz4e.cpl not found.
File C:\Windows\SysWow64\7e47spywzr91455.cpl not found.
File C:\Windows\SysWow64\28829sz95bot43c.ocx not found.
File C:\Windows\SysWow64\226905iruz1f2.ocx not found.
File C:\Windows\SysWow64\4bb9viz15345.cpl not found.
File C:\Windows\SysWow64\896spa5sz500.dll not found.
File C:\Windows\SysWow64\5z03spamb9tff.ocx not found.
File C:\Windows\SysWow64\992ztro5597.bin not found.
File C:\Windows\SysWow64\5z7b9ownloa5er2850.dll not found.
File C:\Windows\SysWow64\29534wzr969c.cpl not found.
File C:\Windows\SysWow64\1947s5eaz3085.exe not found.
File C:\Windows\SysWow64\2d7esz59se1345.bin not found.
File C:\Windows\SysWow64\139z4not-a-vi5us124.bin not found.
File C:\Windows\SysWow64\7599zroj24c.ocx not found.
File C:\Windows\SysWow64\66a5szyware819.cpl not found.
File C:\Windows\SysWow64\403bthre5z1965.dll not found.
File C:\Windows\SysWow64\7d95spa9se1z335.bin not found.
File C:\Windows\SysWow64\24693not-z-vi5usdb.bin not found.
File C:\Windows\SysWow64\54762vzrus39c.ocx not found.
File C:\Windows\SysWow64\951adzwar51175.bin not found.
File C:\Windows\SysWow64\197775o9m3zc.exe not found.
File C:\Windows\SysWow64\23923spy5z0.bin not found.
File C:\Windows\SysWow64\4zd5backd5or9833.dll not found.
File C:\Windows\SysWow64\3235wzr95b1.bin not found.
File C:\Windows\SysWow64\55c9ste9l557z.ocx not found.
File C:\Windows\SysWow64\4d76spyz9re23935.cpl not found.
File C:\Windows\SysWow64\3515b9ckdoor20z6.dll not found.
File C:\Windows\SysWow64\z943spambot6775.bin not found.
File C:\Windows\SysWow64\163ctzrea915299.bin not found.
File C:\Windows\SysWow64\zd17st5al697.exe not found.
File C:\Windows\SysWow64\56fv9rz995.exe not found.
File C:\Windows\SysWow64\3069ddwarz5720.ocx not found.
File C:\Windows\SysWow64\a4z5ir3297.dll not found.
File C:\Windows\SysWow64\55z99teal105.ocx not found.
File C:\Windows\SysWow64\294bdzwn5oader1129.bin not found.
File C:\Windows\SysWow64\269bba5zdoor3164.bin not found.
File C:\Windows\SysWow64\28551s9amzot19f.bin not found.
File C:\Windows\SysWow64\19z77wor5393.ocx not found.
File C:\Windows\SysWow64\2z66sp51119.dll not found.
File C:\Windows\SysWow64\zf29vi92158.exe not found.
File C:\Windows\SysWow64\21538n5tza9virus573.ocx not found.
File C:\Windows\SysWow64\15535zrojb9.dll not found.
File C:\Windows\SysWow64\cbz95ief1816.cpl not found.
File C:\Windows\SysWow64\5956thie91z92.cpl not found.
File C:\Windows\SysWow64\18z53not-a-5i9us7a8.cpl not found.
File C:\Windows\SysWow64\z1951wo5mb6.exe not found.
File C:\Windows\SysWow64\7fezs9yware765.cpl not found.
File C:\Windows\SysWow64\51d9downloader15z1.bin not found.
File C:\Windows\SysWow64\5d6zdo9nloader2705.cpl not found.
File C:\Windows\SysWow64\3954zro95ee.cpl not found.
File C:\Windows\SysWow64\59085zy546.exe not found.
File C:\Windows\SysWow64\5z19spy215.ocx not found.
File C:\Windows\SysWow64\8bzs9ar5e2011.exe not found.
File C:\Windows\SysWow64\7957s9y2z95.exe not found.
File C:\Windows\SysWow64\204spambot15z9.dll not found.
File C:\Windows\SysWow64\2z9faddware2565.bin not found.
File C:\Windows\SysWow64\93bbzir2555.bin not found.
File C:\Windows\SysWow64\760zspam9ot53e.cpl not found.
File C:\Windows\SysWow64\z2369py115.ocx not found.
File C:\Windows\SysWow64\56fbthi9fz1275.dll not found.
File C:\Windows\SysWow64\3095t5o9z09.exe not found.
File C:\Windows\SysWow64\13651t9ojzac.exe not found.
C:\Windows\SysWOW64\75z9ste5l2158.dll moved successfully.
C:\Windows\SysWOW64\29629pamzot6085.dll moved successfully.
C:\Windows\SysWOW64\14119worz595.dll moved successfully.
C:\Windows\SysWOW64\8855pam9ztda.dll moved successfully.
C:\Windows\SysWOW64\7934steaz596.dll moved successfully.
C:\Windows\SysWOW64\435fvi93z50.dll moved successfully.
C:\Windows\SysWOW64\29673notza-virus2b95.dll moved successfully.
C:\Windows\SysWOW64\a9f5owzloader2601.dll moved successfully.
C:\Windows\SysWOW64\11540spz395.dll moved successfully.
C:\Windows\SysWOW64\6fd5s95waze2629.dll moved successfully.
C:\Windows\SysWOW64\9585zpy635.dll moved successfully.
C:\Windows\SysWOW64\8z7spa5bot5a79.dll moved successfully.
C:\Windows\SysWOW64\1095szyw5re5859.dll moved successfully.
C:\Windows\SysWOW64\9785troj61z.dll moved successfully.
C:\Windows\SysWOW64\7865s9arze1267.dll moved successfully.
C:\Windows\SysWOW64\6e19ba5kdozr2934.dll moved successfully.
C:\Windows\SysWOW64\5d40vzr199.dll moved successfully.
C:\Windows\SysWOW64\22219vi9zs5cd.dll moved successfully.
C:\Windows\SysWOW64\2a20zac9door26635.dll moved successfully.
C:\Windows\SysWOW64\5901sparze9676.dll moved successfully.
C:\Windows\SysWOW64\z57559acktool61e.dll moved successfully.
C:\Windows\SysWOW64\15z56hac9too5602.dll moved successfully.
C:\Windows\SysWOW64\12895tea919z7.dll moved successfully.
C:\Windows\SysWOW64\933855acztool618.dll moved successfully.
C:\Windows\SysWOW64\z7823hac59ool6aa.dll moved successfully.
C:\Windows\SysWOW64\14454sz5297.dll moved successfully.
C:\Windows\SysWOW64\16z5spy696.dll moved successfully.
C:\Windows\SysWOW64\3209zvi5us30.dll moved successfully.
C:\Windows\SysWOW64\19z91hack5ool5ef.dll moved successfully.
C:\Windows\SysWOW64\15985not-a-virus272z.dll moved successfully.
C:\Windows\SysWOW64\45c9sparsz1738.dll moved successfully.
C:\Windows\SysWOW64\z65a9dware2335.dll moved successfully.
C:\Windows\SysWOW64\z8732s5y5c9.dll moved successfully.
C:\Windows\SysWOW64\7z25spywa9e393.dll moved successfully.
C:\Windows\SysWOW64\98227spz5botc3.dll moved successfully.
C:\Windows\SysWOW64\709ethre9t1135z.dll moved successfully.
C:\Windows\SysWOW64\285z49py150.dll moved successfully.
C:\Windows\SysWOW64\519tr95z40.dll moved successfully.
C:\Windows\SysWOW64\5a99s9zrse2050.dll moved successfully.
C:\Windows\SysWOW64\5z349sp9108.dll moved successfully.
C:\Windows\SysWOW64\218z7viru5639.dll moved successfully.
C:\Windows\SysWOW64\3z507s5a9bot792.dll moved successfully.
C:\Windows\SysWOW64\2574szamb9t5.dll moved successfully.
C:\Windows\SysWOW64\49z95ackdoor3224.dll moved successfully.
C:\Windows\SysWOW64\c95thzef1752.dll moved successfully.
C:\Windows\SysWOW64\15959s5y1z6.dll moved successfully.
C:\Windows\SysWOW64\4121hacktoz95bb5.dll moved successfully.
C:\Windows\SysWOW64\1091zs9y452.dll moved successfully.
C:\Windows\SysWOW64\75b5zp5ware2289.dll moved successfully.
C:\Windows\SysWOW64\76a9v9r3z52.dll moved successfully.
C:\Windows\SysWOW64\29a5th9ef133z.dll moved successfully.
C:\Windows\SysWOW64\1z917virus5925.dll moved successfully.
C:\Windows\SysWOW64\140abacz95or2391.dll moved successfully.
C:\Windows\SysWOW64\289z4not-9-virus5f.dll moved successfully.
C:\Windows\SysWOW64\6957tzoj53d9.dll moved successfully.
C:\Windows\SysWOW64\65c9spyzare1072.dll moved successfully.
C:\Windows\SysWOW64\13bcaddwaze2954.dll moved successfully.
C:\Windows\SysWOW64\25z39not-a-virus724.dll moved successfully.
C:\Windows\SysWOW64\6013threat19515z.dll moved successfully.
C:\Windows\SysWOW64\5cc69hreaz52772.dll moved successfully.
C:\Windows\SysWOW64\3985addwarez305.dll moved successfully.
C:\Windows\SysWOW64\17995hacktool20z.dll moved successfully.
C:\Windows\SysWOW64\4b89ste9l305z.dll moved successfully.
C:\Windows\SysWOW64\57z7th9eat22967.dll moved successfully.
C:\Windows\SysWOW64\50zbst95l1555.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Brenda
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 14106971 bytes
->Java cache emptied: 32000365 bytes
->FireFox cache emptied: 39673827 bytes
->Google Chrome cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8413975 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 87689 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 966 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 306902864 bytes

Total Files Cleaned = 383.00 mb

OTL by OldTimer - Version 3.1.24.0 log created on 01122010_165746

Files\Folders moved on Reboot...
C:\Users\Brenda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
C:\Users\Brenda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NPOAKWN\iframe[1].htm moved successfully.
C:\Users\Brenda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3W1JA9OX\index[1].htm moved successfully.
File\Folder C:\Windows\temp\JETC58F.tmp not found!
File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot.

Registry entries deleted on Reboot...

will run follow up scan next

#11 jrosen19

Member

Group: Members
Posts: 28
Joined: 29-December 09

Posted 12 January 2010 - 05:31 PM

OTL logfile created on: 1/12/2010 5:21:59 PM - Run 2
OTL by OldTimer - Version 3.1.24.0 Folder = C:\Users\Brenda\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.24 Gb Total Space | 224.86 Gb Free Space | 78.28% Space Free | Partition Type: NTFS
Drive D: | 10.85 Gb Total Space | 1.83 Gb Free Space | 16.87% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAVA
Current User Name: Brenda
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Brenda\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Norton 360\Engine\3.5.2.11\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe ()
PRC - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe ()
PRC - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Windows\SMINST\BLService.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\Brenda\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (BthServ) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_5d1a7764\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\Hpservice.exe (Hewlett-Packard Corporation)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_5d1a7764\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe (Agere Systems)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\3.5.2.11\ccSvcHst.exe (Symantec Corporation)
SRV - (gupdate1c9f8d5c681dcb7) Google Update Service (gupdate1c9f8d5c681dcb7) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (hpqwmiex) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (RichVideo) Cyberlink RichVideo Service(CRVS) -- C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe ()
SRV - (QPSched) QuickPlay Task Scheduler (QTS) -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe ()
SRV - (QPCapSvc) QuickPlay Background Capture Service (QBCS) -- C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe ()
SRV - (HP Health Check Service) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)
SRV - (Com4QLBEx) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Hewlett-Packard Development Company, L.P.)
SRV - (Recovery Service for Windows) -- C:\Windows\SMINST\BLService.exe ()
SRV - (LightScribeService) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (Viewpoint Manager Service) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006/11/02 08:34:14 | 00,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()
SRV - (IDriverT) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (ccHP) -- C:\Windows\SysNative\Drivers\N360x64\0305020.00B\ccHPx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\N360x64\0305020.00B\SRTSP64.SYS (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\0305020.00B\SYMEFA64.SYS (Symantec Corporation)
DRV:64bit: - (BHDrvx64) -- C:\Windows\SysNative\Drivers\N360x64\0305020.00B\BHDrvx64.sys (Symantec Corporation)
DRV:64bit: - (SYMTDI) -- C:\Windows\SysNative\Drivers\N360x64\0305020.00B\SYMTDI.SYS (Symantec Corporation)
DRV:64bit: - (SYMFW) -- C:\Windows\SysNative\Drivers\N360x64\0305020.00B\SYMFW.SYS (Symantec Corporation)
DRV:64bit: - (SYMNDISV) -- C:\Windows\SysNative\Drivers\N360x64\0305020.00B\SYMNDISV.SYS (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\N360x64\0305020.00B\SRTSPX64.SYS (Symantec Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\DRIVERS\SymIMv.sys (Symantec Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (BTHPORT) -- C:\Windows\SysNative\Drivers\BTHport.sys (Microsoft Corporation)
DRV:64bit: - (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI) -- C:\Windows\SysNative\DRIVERS\rfcomm.sys (Microsoft Corporation)
DRV:64bit: - (BTHUSB) -- C:\Windows\SysNative\Drivers\BTHUSB.sys (Microsoft Corporation)
DRV:64bit: - (BthEnum) -- C:\Windows\SysNative\DRIVERS\BthEnum.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\DRIVERS\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\DRIVERS\jmcr.sys (JMicron Technology Corp.)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys (Hewlett-Packard Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (Agere Systems)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (aksdf) -- C:\Windows\SysNative\drivers\aksdf.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (usbvideo) USB Video Device (WDM) -- C:\Windows\SysNative\Drivers\usbvideo.sys (Microsoft Corporation)
DRV:64bit: - (BthPan) Bluetooth Device (Personal Area Network) -- C:\Windows\SysNative\DRIVERS\bthpan.sys (Microsoft Corporation)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (HSFHWAZL) -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\DRIVERS\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (akshasp) -- C:\Windows\SysNative\DRIVERS\akshasp.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (aksusb) -- C:\Windows\SysNative\DRIVERS\aksusb.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys (NVIDIA Corporation)
DRV:64bit: - (BCM43XV) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100112.005\EX64.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100112.005\ENG64.SYS (Symantec Corporation)
DRV - (SASENUM) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\IDSviA64.sys (Symantec Corporation)
DRV - (Haspnt) -- C:\Windows\SysWOW64\drivers\Haspnt.sys (Aladdin Knowledge Systems)
DRV - (athr) -- C:\Windows\SysWOW64\athr.sys (Atheros Communications, Inc.)
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Sentinel) -- C:\Windows\System32\Drivers\SENTINEL.SYS ()

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Ask"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.2
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/06/10 01:56:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/09 19:24:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files (x86)\Real\RealPlayer\browserrecord\firefox\ext [2009/12/05 16:50:28 | 00,000,000 | ---D | M]

[2009/07/12 19:42:57 | 00,000,000 | ---D | M] -- C:\Users\Brenda\AppData\Roaming\Mozilla\Extensions
[2009/07/12 19:42:57 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Brenda\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/12/25 13:42:36 | 00,000,000 | ---D | M] -- C:\Users\Brenda\AppData\Roaming\Mozilla\Firefox\Profiles\4c9ghk5u.default\extensions
[2009/08/09 21:08:33 | 00,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Brenda\AppData\Roaming\Mozilla\Firefox\Profiles\4c9ghk5u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/01 19:21:24 | 00,000,718 | ---- | M] () -- C:\Users\Brenda\AppData\Roaming\Mozilla\Firefox\Profiles\4c9ghk5u.default\searchplugins\ask.xml
[2009/08/11 13:00:54 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/04/30 17:24:07 | 00,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/07/12 19:42:44 | 00,002,221 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\SafeSearch.xml

O1 HOSTS File: (350680 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 12023 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\3.5.2.11\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found.
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll (Yontoo Technology, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ( Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -Mozilla\4.0 ( File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recipe Feeder - {14528701-EB26-4DDD-BDF3-5B3A3BF85CA5} - Reg Error: Key error. File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: bankofamerica.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C228AEDD-FC47-11D3-AF87-D128A9381404} http://www.link-systems.com/~sdk/SDK/paste/lsiw9x.cab (LSICapture Control)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Brenda\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Brenda\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a1b1856c-bd6f-11dd-894c-001eecf15b35}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O33 - MountPoints2\{a1b1857c-bd6f-11dd-894c-001eecf15b35}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/12 16:57:46 | 00,000,000 | ---D | C] -- C:\_OTL
[2010/01/12 15:19:09 | 00,544,256 | ---- | C] (OldTimer Tools) -- C:\Users\Brenda\Desktop\OTL.exe
[2010/01/12 14:59:57 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/01/12 14:57:05 | 05,115,832 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Brenda\Desktop\mbam-setup.exe
[2010/01/12 11:48:45 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/01/12 11:48:44 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/01/12 11:48:44 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/01/04 18:08:43 | 00,000,000 | ---D | C] -- C:\Users\Brenda\Desktop\Justin
[2010/01/04 15:15:35 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/01/04 15:15:21 | 00,000,000 | ---D | C] -- C:\Users\Brenda\AppData\Roaming\SUPERAntiSpyware.com
[2010/01/04 15:15:21 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2010/01/04 15:14:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010/01/04 13:20:32 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\vi-VN
[2010/01/04 13:20:32 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\eu-ES
[2010/01/04 13:20:32 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\eu-ES
[2010/01/04 13:20:32 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\ca-ES
[2010/01/04 13:20:32 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\ca-ES
[2010/01/04 13:20:31 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\vi-VN
[2010/01/04 12:44:05 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2010/01/03 19:23:06 | 00,000,000 | ---D | C] -- C:\Users\Brenda\AppData\Local\Apple
[2009/12/31 21:18:52 | 00,000,000 | ---D | C] -- C:\Users\Brenda\AppData\Roaming\hpqLog
[2009/12/30 18:03:55 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\no-NO
[2009/12/30 18:03:46 | 00,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2009/12/30 15:07:30 | 00,920,064 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\athrx.sys
[2009/12/30 15:07:30 | 00,735,232 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysWow64\athr.sys
[2009/12/29 17:41:59 | 00,000,000 | ---D | C] -- C:\Users\Brenda\AppData\Local\Adobe
[2009/12/29 15:23:36 | 00,000,000 | ---D | C] -- C:\Users\Brenda\AppData\Local\Runscanner.net
[2009/12/29 13:46:45 | 00,000,000 | ---D | C] -- C:\Users\Brenda\Documents\Autoruns[1]
[2009/12/28 22:46:01 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/12/28 16:15:41 | 00,000,000 | ---D | C] -- C:\N360_BACKUP
[2009/12/28 15:57:43 | 00,000,000 | ---D | C] -- C:\Users\Brenda\Documents\Symantec
[2009/12/28 15:48:45 | 00,000,000 | ---D | C] -- C:\Users\Brenda\AppData\Local\ICS
[2009/12/27 21:40:22 | 00,000,000 | ---D | C] -- C:\Netgear
[2009/12/24 14:46:18 | 00,000,000 | ---D | C] -- C:\Users\Brenda\AppData\Roaming\Malwarebytes
[2009/12/24 14:46:12 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/12/24 14:46:11 | 00,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2009/12/24 14:46:10 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/12/24 03:06:43 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009/12/17 15:37:57 | 00,000,000 | ---D | C] -- C:\Users\Brenda\Desktop\Movies
[2009/12/16 10:10:09 | 00,000,000 | ---D | C] -- C:\Users\Brenda\Documents\T&D forms
[2009/12/15 07:25:04 | 00,000,000 | ---D | C] -- C:\Users\Brenda\AppData\Roaming\Playrix Entertainment

========== Files - Modified Within 30 Days ==========

[2010/01/12 17:27:00 | 00,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F024F1ED-9C89-41A4-88CB-8895B3B6A76F}.job
[2010/01/12 17:22:03 | 08,650,752 | -HS- | M] () -- C:\Users\Brenda\ntuser.dat
[2010/01/12 17:22:01 | 00,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-604219708-840033-878688825-1000UA.job
[2010/01/12 17:08:09 | 00,694,964 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/01/12 17:08:09 | 00,598,588 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/01/12 17:08:09 | 00,102,194 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/01/12 17:04:08 | 00,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/01/12 17:03:40 | 00,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/12 17:02:57 | 00,000,440 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
[2010/01/12 17:01:44 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/12 17:01:44 | 00,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/12 17:01:37 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/12 17:01:32 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/12 17:01:24 | 40,242,58560 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/12 16:58:52 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/01/12 16:58:50 | 00,524,288 | -HS- | M] () -- C:\Users\Brenda\ntuser.dat{43269055-f42d-11de-8ee1-de60639ac53e}.TMContainer00000000000000000001.regtrans-ms
[2010/01/12 16:58:50 | 00,065,536 | -HS- | M] () -- C:\Users\Brenda\ntuser.dat{43269055-f42d-11de-8ee1-de60639ac53e}.TM.blf
[2010/01/12 16:58:47 | 02,926,190 | -H-- | M] () -- C:\Users\Brenda\AppData\Local\IconCache.db
[2010/01/12 16:37:00 | 00,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/12 15:19:13 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Users\Brenda\Desktop\OTL.exe
[2010/01/12 15:00:01 | 00,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/12 14:57:09 | 05,115,832 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Brenda\Desktop\mbam-setup.exe
[2010/01/12 14:52:56 | 00,415,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/01/12 14:38:45 | 00,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBrenda.job
[2010/01/12 11:56:49 | 00,524,288 | ---- | M] () -- C:\Users\Brenda\Desktop\dds.scr
[2010/01/11 15:32:20 | 00,052,224 | ---- | M] () -- C:\Users\Brenda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/01/07 16:07:06 | 00,022,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/01/05 03:10:09 | 00,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-604219708-840033-878688825-1000Core.job
[2010/01/04 20:48:07 | 00,000,560 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Brenda.job
[2009/12/30 18:03:39 | 00,006,656 | ---- | M] () -- C:\Windows\SysNative\bcmwlrc.dll
[2009/12/30 17:45:16 | 34,905,7011 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/12/30 15:47:52 | 00,114,904 | ---- | M] () -- C:\Users\Brenda\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/12/28 22:51:51 | 00,524,288 | -HS- | M] () -- C:\Users\Brenda\ntuser.dat{43269055-f42d-11de-8ee1-de60639ac53e}.TMContainer00000000000000000002.regtrans-ms
[2009/12/28 22:44:44 | 00,524,288 | -HS- | M] () -- C:\Users\Brenda\ntuser.dat{4a9969d5-f42c-11de-80cb-dfd05928992b}.TMContainer00000000000000000002.regtrans-ms
[2009/12/28 22:44:44 | 00,524,288 | -HS- | M] () -- C:\Users\Brenda\ntuser.dat{4a9969d5-f42c-11de-80cb-dfd05928992b}.TMContainer00000000000000000001.regtrans-ms
[2009/12/28 22:44:44 | 00,065,536 | -HS- | M] () -- C:\Users\Brenda\ntuser.dat{4a9969d5-f42c-11de-80cb-dfd05928992b}.TM.blf
[2009/12/28 22:38:30 | 00,524,288 | -HS- | M] () -- C:\Users\Brenda\ntuser.dat{6d774e55-f42b-11de-9bcd-a0c28dc2a622}.TMContainer00000000000000000002.regtrans-ms
[2009/12/28 22:38:30 | 00,524,288 | -HS- | M] () -- C:\Users\Brenda\ntuser.dat{6d774e55-f42b-11de-9bcd-a0c28dc2a622}.TMContainer00000000000000000001.regtrans-ms
[2009/12/28 22:38:30 | 00,065,536 | -HS- | M] () -- C:\Users\Brenda\ntuser.dat{6d774e55-f42b-11de-9bcd-a0c28dc2a622}.TM.blf
[2009/12/28 17:40:49 | 00,524,288 | -HS- | M] () -- C:\Users\Brenda\ntuser.dat{3e796c89-b45e-11de-8f76-001eecf15b35}.TMContainer00000000000000000001.regtrans-ms
[2009/12/28 17:40:49 | 00,065,536 | -HS- | M] () -- C:\Users\Brenda\ntuser.dat{3e796c89-b45e-11de-8f76-001eecf15b35}.TM.blf
[2009/12/24 03:10:05 | 00,000,273 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2009/12/24 02:50:19 | 00,000,680 | ---- | M] () -- C:\Users\Brenda\AppData\Local\d3d9caps.dat
[2009/12/18 17:32:47 | 00,709,336 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/12/18 16:16:57 | 00,000,013 | ---- | M] () -- C:\Windows\popcinfo.dat
[2009/12/16 13:16:23 | 00,407,552 | ---- | M] () -- C:\Users\Brenda\Documents\ta do list.doc
[2009/12/16 13:16:05 | 00,407,552 | ---- | M] () -- C:\Users\Brenda\Documents\Backup of ta do list.wbk
[2009/12/14 18:23:04 | 00,031,232 | ---- | M] () -- C:\Users\Brenda\Documents\drake schoolmu.doc

========== Files Created - No Company Name ==========

[2010/01/12 15:00:01 | 00,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/12 11:56:42 | 00,524,288 | ---- | C] () -- C:\Users\Brenda\Desktop\dds.scr
[2009/12/31 21:34:42 | 00,000,261 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009/12/30 18:03:51 | 00,006,656 | ---- | C] () -- C:\Windows\SysNative\bcmwlrc.dll
[2009/12/30 15:07:30 | 00,010,844 | ---- | C] () -- C:\Windows\SysWow64\athrext.cat
[2009/12/30 15:07:30 | 00,010,834 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat
[2009/12/30 15:07:30 | 00,006,496 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf
[2009/12/30 15:07:30 | 00,006,483 | ---- | C] () -- C:\Windows\SysWow64\netathr.inf
[2009/12/29 01:21:10 | 40,242,58560 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/28 22:51:17 | 00,524,288 | -HS- | C] () -- C:\Users\Brenda\ntuser.dat{43269055-f42d-11de-8ee1-de60639ac53e}.TMContainer00000000000000000002.regtrans-ms
[2009/12/28 22:51:16 | 00,524,288 | -HS- | C] () -- C:\Users\Brenda\ntuser.dat{43269055-f42d-11de-8ee1-de60639ac53e}.TMContainer00000000000000000001.regtrans-ms
[2009/12/28 22:51:16 | 00,065,536 | -HS- | C] () -- C:\Users\Brenda\ntuser.dat{43269055-f42d-11de-8ee1-de60639ac53e}.TM.blf
[2009/12/28 22:44:44 | 00,524,288 | -HS- | C] () -- C:\Users\Brenda\ntuser.dat{4a9969d5-f42c-11de-80cb-dfd05928992b}.TMContainer00000000000000000002.regtrans-ms
[2009/12/28 22:44:44 | 00,524,288 | -HS- | C] () -- C:\Users\Brenda\ntuser.dat{4a9969d5-f42c-11de-80cb-dfd05928992b}.TMContainer00000000000000000001.regtrans-ms
[2009/12/28 22:44:44 | 00,065,536 | -HS- | C] () -- C:\Users\Brenda\ntuser.dat{4a9969d5-f42c-11de-80cb-dfd05928992b}.TM.blf
[2009/12/28 22:43:51 | 34,905,7011 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/12/28 22:38:30 | 00,524,288 | -HS- | C] () -- C:\Users\Brenda\ntuser.dat{6d774e55-f42b-11de-9bcd-a0c28dc2a622}.TMContainer00000000000000000002.regtrans-ms
[2009/12/28 22:38:30 | 00,524,288 | -HS- | C] () -- C:\Users\Brenda\ntuser.dat{6d774e55-f42b-11de-9bcd-a0c28dc2a622}.TMContainer00000000000000000001.regtrans-ms
[2009/12/28 22:38:30 | 00,065,536 | -HS- | C] () -- C:\Users\Brenda\ntuser.dat{6d774e55-f42b-11de-9bcd-a0c28dc2a622}.TM.blf
[2009/12/27 21:59:48 | 00,000,082 | R--- | C] () -- C:\Users\Public\Desktop\www.RouterLogin.com.url
[2009/12/18 17:32:47 | 00,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/12/18 16:16:57 | 00,000,013 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009/12/16 13:16:04 | 00,407,552 | ---- | C] () -- C:\Users\Brenda\Documents\ta do list.doc
[2009/12/16 13:16:04 | 00,407,552 | ---- | C] () -- C:\Users\Brenda\Documents\Backup of ta do list.wbk
[2009/12/14 18:23:03 | 00,031,232 | ---- | C] () -- C:\Users\Brenda\Documents\drake schoolmu.doc
[2009/12/05 16:51:26 | 00,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/10/19 17:23:11 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/10/19 17:22:00 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/10/15 12:17:49 | 00,004,096 | -H-- | C] () -- C:\Users\Brenda\AppData\Local\keyfile3.drm
[2009/08/23 11:54:07 | 00,009,029 | ---- | C] () -- C:\Windows\wininit.ini
[2009/03/01 03:01:16 | 00,000,680 | ---- | C] () -- C:\Users\Brenda\AppData\Local\d3d9caps.dat
[2009/01/20 17:58:15 | 00,073,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\SENTINEL.SYS
[2009/01/20 17:58:15 | 00,047,616 | ---- | C] () -- C:\Windows\SysWow64\SNTI386.DLL
[2009/01/20 17:58:15 | 00,017,920 | ---- | C] () -- C:\Windows\SysWow64\RNBOVDD.DLL
[2009/01/20 17:57:14 | 00,000,383 | ---- | C] () -- C:\Windows\SysWow64\haspdos.sys
[2009/01/20 17:53:18 | 00,000,816 | ---- | C] () -- C:\Windows\_delis32.ini
[2009/01/14 20:41:52 | 00,030,924 | ---- | C] () -- C:\Users\Brenda\AppData\Roaming\UserTile.png
[2008/11/25 17:27:34 | 00,000,000 | ---- | C] () -- C:\Users\Brenda\AppData\Local\QSwitch.txt
[2008/11/25 17:27:34 | 00,000,000 | ---- | C] () -- C:\Users\Brenda\AppData\Local\DSwitch.txt
[2008/11/25 17:27:34 | 00,000,000 | ---- | C] () -- C:\Users\Brenda\AppData\Local\AtStart.txt
[2008/11/25 16:09:08 | 00,052,224 | ---- | C] () -- C:\Users\Brenda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/25 13:33:22 | 00,000,194 | ---- | C] () -- C:\Users\Brenda\AppData\Roaming\wklnhst.dat
[2008/06/10 01:37:56 | 00,000,371 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/01/20 21:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2002/09/08 17:55:52 | 00,005,520 | ---- | C] () -- C:\Windows\SysWow64\lsiprn.drv

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Brenda\Documents\MVI_4212.AVI:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Brenda\Documents\MVI_3613.AVI:TOC.WMV
@Alternate Data Stream - 218 bytes -> C:\ProgramData\TEMP:206E2596
< End of report >

#12 myrti

bleepin' _temp_

Group: Malware Response Instructor
Posts: 26,080
Joined: 25-January 08
Gender:Female
Location:At home

Posted 12 January 2010 - 05:39 PM

Hi,

this looks much better to me.

How is the PC doing?

Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This changed from what we know in 2006 read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

regards myrti

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!

#13 jrosen19

Member

Group: Members
Posts: 28
Joined: 29-December 09

Posted 12 January 2010 - 05:48 PM

ok, removed viewpoint media player. The computer seems to be running with good speed, no lagging. However, the wireless is gone. I can only connect with ethernet cable.

#14 myrti

bleepin' _temp_

Group: Malware Response Instructor
Posts: 26,080
Joined: 25-January 08
Gender:Female
Location:At home

Posted 12 January 2010 - 05:53 PM

When did you loose connection? After the OTL-fix?

regards myrti

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!

#15 jrosen19

Member

Group: Members
Posts: 28
Joined: 29-December 09

Posted 12 January 2010 - 06:02 PM

No, when she gave me the computer, the wireless had no problems. After I ran malebytes anti maleware the first time, as well as spybot search and destroy the scans found quite a few issues. As I said the one scan had over 26,000 issues. After I did these scans the wireless was gone??? I go to device manager and it says device is working fine. But when I go to network connections there is a link in vista that says "Diagnose why Windows cannot find any additional networks." So I click that and a box comes up that says "The Windows Wireless Service is not running on this computer." There is an option that says "start windows service" but under that it says "The network adapter "Atheros AR5007 802.11 b/g WiFi Adapter" is experiencing driver or hardware related issue" I did download the most recent drivers from the atheros website but that didn't help.