
A variant of Win32/Krytik.SH trojan?


  • This topic is locked
11 replies to this topic

#1 Ganton


Posted 02 November 2009 - 11:31 PM

Does anybody see any evidence of any malicious trojan here?

info.txt logfile of random's system information tool 1.06 2009-11-02 20:20:11

======Uninstall list======

-->"C:\Program Files (x86)\HP Games\18 Wheels of Steel - American Long Haul\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\4 Elements\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Bejeweled Twist\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Build-a-lot 2\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Bus Driver\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Diner Dash Hometown Hero\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Dream Chronicles 2\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Farm Mania\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\FATE Undiscovered Realms\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Final Drive Nitro\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\GameHouse Solitaire Challenge\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Hoyle Card Games\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\HP Game Console\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Mahjongg Artifacts\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Mystery P.I. - The Vegas Heist\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Peggle\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Poker Superstars III\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Polar Pool\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Super TextTwist\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\The Hidden Object Game Show\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\The Price is Right\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Virtual Villagers - A New Home\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Virtual Villagers - The Secret City\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Wheel of Fortune 2\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Word Up\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\World of Goo\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Zuma Deluxe\Uninstall.exe"
ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001}
Catalyst Control Center - Branding-->MsiExec.exe /I{66206F6F-A212-4FAC-837D-3415AA5698DC}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CyberLink DVD Suite Deluxe-->"C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" /z-uninstall
CyberLink DVD Suite Deluxe-->"C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" /z-uninstall
Free Window Registry Repair-->C:\PROGRA~2\FREEWI~1\UNWISE.EXE C:\PROGRA~2\FREEWI~1\INSTALL.LOG
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""
Hoyle Card Games 2004-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{744F6CCF-9F56-40A0-A33D-2A45D53B6046}
HP Active Support Library-->"C:\Program Files (x86)\InstallShield Installation Information\{0295F89F-F698-4101-9A7D-49F407EC2D82}\setup.exe" -runfromtemp -l0x0409 -removeonly
HP Advisor-->MsiExec.exe /X{73A43E42-3658-4DD9-8551-FACDA3632538}
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{B84739A3-F943-47E4-95D8-96381EF5AC48}\setup.exe" -l0x9 -removeonly
HP Easy Backup-->"C:\ProgramData\Hewlett-Packard\HP Easy Backup\unins000.exe"
HP Games-->"C:\Program Files (x86)\HP Games\Uninstall.exe"
HP MediaSmart Demo-->"C:\ProgramData\Hewlett-Packard\HP MediaSmart Demo\unins000.exe"
HP MediaSmart DVD-->"C:\Program Files (x86)\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe" /z-uninstall
HP MediaSmart DVD-->"C:\Program Files (x86)\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe" /z-uninstall
HP MediaSmart Music/Photo/Video-->"C:\Program Files (x86)\InstallShield Installation Information\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}\setup.exe" /z-uninstall
HP MediaSmart Music/Photo/Video-->"C:\Program Files (x86)\InstallShield Installation Information\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}\setup.exe" /z-uninstall /zMS
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP Recovery Manager RSS-->MsiExec.exe /X{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}
HP Total Care Setup-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{784BEA84-FA66-4B19-BB80-7B545F248AC6}\setup.exe" -l0x9 -removeonly
HP Update-->MsiExec.exe /X{47F36D92-E58E-456D-B73C-3382737E4C42}
HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
Java™ 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" /z-uninstall
LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" /z-uninstall
LightScribe System Software-->MsiExec.exe /X{7F10292C-A190-4176-A665-A1ED3478DF86}
Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files (x86)\McAfee\MSC\mcuninst.exe
Microsoft Default Manager-->MsiExec.exe /X{61BEA823-ECAF-49F1-8378-A59B3B8AD247}
Microsoft Easy Assist v2-->MsiExec.exe /I{326957C7-83FD-4550-A59A-849B7B4297DE}
Microsoft Live Search Toolbar-->c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\OEMSetup.exe /Uninstall
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {E64BA721-2310-4B55-BE5A-2925F9706192}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0116-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{F8A3C1B6-D2E0-4CE1-80A2-555D6F71C639}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Mozilla Firefox (3.5.4)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSN Toolbar Platform-->MsiExec.exe /I{547C4A03-8402-49E9-9E94-112929185B1E}
MSN Toolbar-->C:\Program Files (x86)\MSN Toolbar Installer\InstallManager.exe /UNINSTALL
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
PictureMover-->MsiExec.exe /X{1896E712-2B3D-45eb-BCE9-542742A51032}
Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" /z-uninstall
Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" /z-uninstall
PowerDirector-->"C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
PowerDirector-->"C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
Python 2.6 pywin32-212-->"C:\program files (x86)\Python\Removepywin32.exe" -u "C:\program files (x86)\Python\pywin32-wininst.log"
Python 2.6.1-->MsiExec.exe /I{9CC89170-000B-457D-91F1-53691F85B223}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
SpywareBlaster 4.2-->"C:\Program Files (x86)\SpywareBlaster\unins000.exe"
SUPERAntiSpyware Professional-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}

======Security center information======

AS: Windows Defender
AS: SUPERAntiSpyware (disabled)

======System event log======

Computer Name: Ganton-PC
Event Code: 1060
Message: \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Record Number: 31012
Source Name: Application Popup
Time Written: 20091102142636.357669-000
Event Type: Error
User:

Computer Name: Ganton-PC
Event Code: 1060
Message: \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Record Number: 31014
Source Name: Application Popup
Time Written: 20091102142636.420070-000
Event Type: Error
User:

Computer Name: Ganton-PC
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 31017
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20091102142643.779711-000
Event Type: Error
User:

Computer Name: Ganton-PC
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.
Record Number: 31093
Source Name: Service Control Manager
Time Written: 20091102142825.000000-000
Event Type: Error
User:

Computer Name: Ganton-PC
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL
Record Number: 31095
Source Name: Service Control Manager
Time Written: 20091102142825.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Ganton-PC
Event Code: 4621
Message: The COM+ Event System could not remove the EventSystem.EventSubscription object {CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The HRESULT was 80070005.
Record Number: 4822
Source Name: Microsoft-Windows-EventSystem
Time Written: 20091102063324.000000-000
Event Type: Error
User:

Computer Name: Ganton-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 4842
Source Name: Microsoft-Windows-WMI
Time Written: 20091102142825.000000-000
Event Type: Error
User:

Computer Name: Ganton-PC
Event Code: 508
Message: Windows (2424) Windows: A request to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 0 (0x0000000000000000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (181 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Record Number: 4856
Source Name: ESENT
Time Written: 20091102153530.000000-000
Event Type: Warning
User:

Computer Name: Ganton-PC
Event Code: 510
Message: Windows (2424) Windows: A request to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 12263424 (0x0000000000bb2000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (998 seconds) to be serviced by the OS. In addition, 0 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 31805 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Record Number: 4864
Source Name: ESENT
Time Written: 20091103002535.000000-000
Event Type: Warning
User:

Computer Name: Ganton-PC
Event Code: 508
Message: Windows (2424) Windows: A request to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log" at offset 93696 (0x0000000000016e00) for 512 (0x00000200) bytes succeeded, but took an abnormally long time (998 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Record Number: 4865
Source Name: ESENT
Time Written: 20091103002535.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: Ganton-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 4319
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091102151023.154800-000
Event Type: Audit Success
User:

Computer Name: Ganton-PC
Event Code: 4904
Message: An attempt was made to register a security event source.

Subject :
Security ID: S-1-5-18
Account Name: GANTON-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Process:
Process ID: 0x13d8
Process Name: C:\Windows\System32\VSSVC.exe

Event Source:
Source Name: VSSAudit
Event Source ID: 0x152619
Record Number: 4320
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091102151057.412400-000
Event Type: Audit Success
User:

Computer Name: Ganton-PC
Event Code: 4905
Message: An attempt was made to unregister a security event source.

Subject
Security ID: S-1-5-18
Account Name: GANTON-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Process:
Process ID: 0x13d8
Process Name: C:\Windows\System32\VSSVC.exe

Event Source:
Source Name: VSSAudit
Event Source ID: 0x152619
Record Number: 4321
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091102151057.412400-000
Event Type: Audit Success
User:

Computer Name: Ganton-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x6f4f9b
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name: GANTON-PC
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 4322
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091102232122.788800-000
Event Type: Audit Success
User:

Computer Name: Ganton-PC
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x6f4f9b

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 4323
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091102232207.529600-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files (x86)\Python;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"NUMBER_OF_PROCESSORS"=4
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat
"DFSTRACINGON"=FALSE
"OnlineServices"=Online Services
"Platform"=HPD
"PCBRAND"=Pavilion
"MSWorksProductCode"={15BC8CD0-A65B-47D0-A2DD-90A824590FA8}

-----------------EOF-----------------



#2 myrti


Posted 08 November 2009 - 06:18 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#3 Ganton


Posted 09 November 2009 - 12:33 AM

Doesn't what I've already posted, as per your prior instrux, tell you anything? Anything at all?

#4 myrti


Posted 09 November 2009 - 05:26 AM

Hi,
you posted only part of a log for which we do not ask in our prepare guide. I cannot give you any estimate of how clean your PC is based on that log. I can't even tell if you are running XP, Vista or Windows 7 from it; all I can see is that you are using a 64-bit system and that it is probably an HP PC.

If you want help, I will need the OTL log. If you do not want to provide any logs, I don't think I can do much for you.
regards _temp_



#5 Ganton


Posted 09 November 2009 - 11:45 PM

Here's the OTL.Txt:
OTL logfile created on: 11/9/2009 8:39:56 PM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Users\Ganton\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684.64 Gb Total Space | 637.22 Gb Free Space | 93.07% Space Free | Partition Type: NTFS
Drive D: | 14.00 Gb Total Space | 2.20 Gb Free Space | 15.69% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GANTON-PC
Current User Name: Ganton
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/09 20:35:48 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Users\Ganton\Downloads\OTL(2).exe
PRC - [2009/11/06 20:01:04 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/09/17 13:29:04 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe
PRC - [2009/09/17 13:29:04 | 00,645,328 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
PRC - [2009/09/17 13:29:04 | 00,645,328 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
PRC - [2009/09/17 13:29:04 | 00,645,328 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
PRC - [2009/09/17 13:29:04 | 00,645,328 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
PRC - [2009/09/17 13:29:04 | 00,645,328 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
PRC - [2009/09/17 13:29:04 | 00,645,328 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
PRC - [2009/09/17 13:29:04 | 00,645,328 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
PRC - [2009/09/17 13:29:04 | 00,645,328 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
PRC - [2009/09/17 13:29:04 | 00,645,328 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
PRC - [2009/09/17 13:29:04 | 00,645,328 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
PRC - [2009/09/17 13:29:04 | 00,645,328 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
PRC - [2009/09/17 13:29:04 | 00,645,328 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
PRC - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/09/15 09:23:54 | 00,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/15 09:23:54 | 00,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe
PRC - [2009/08/26 21:23:17 | 00,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2009/08/26 21:23:17 | 00,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2009/08/26 21:23:17 | 00,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2009/08/26 21:23:17 | 00,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2009/08/26 21:23:17 | 00,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2009/08/26 21:23:17 | 00,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2009/08/26 21:23:17 | 00,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2009/08/07 16:15:06 | 00,311,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
PRC - [2009/08/07 16:15:06 | 00,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/08/07 16:15:06 | 00,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/08/07 16:15:06 | 00,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/08/07 16:15:06 | 00,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/08/07 16:15:06 | 00,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/08/07 16:15:06 | 00,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/08/07 16:15:06 | 00,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/08/07 16:15:06 | 00,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/03/17 12:25:40 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/09/30 16:59:26 | 00,192,512 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe


========== Modules (SafeList) ==========

MOD - [2009/11/09 20:35:48 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Users\Ganton\Downloads\OTL(2).exe
MOD - [2009/08/26 21:22:28 | 00,916,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wininet.dll
MOD - [2009/07/17 06:35:11 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl.dll
MOD - [2009/05/23 00:17:03 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll
MOD - [2008/11/26 20:35:06 | 01,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\GdiPlus.dll
MOD - [2008/01/20 18:52:09 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\spp.dll
MOD - [2008/01/20 18:51:41 | 02,537,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wpdshext.dll
MOD - [2008/01/20 18:50:46 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\fontext.dll
MOD - [2008/01/20 18:50:03 | 00,450,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2008/01/20 18:50:01 | 00,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\xmllite.dll
MOD - [2008/01/20 18:49:43 | 01,076,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vssapi.dll
MOD - [2008/01/20 18:49:43 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vsstrace.dll
MOD - [2008/01/20 18:49:32 | 00,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\authz.dll
MOD - [2008/01/20 18:48:06 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
MOD - [2006/11/02 00:33:06 | 00,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/09/16 10:23:32 | 00,696,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2009/09/16 09:15:32 | 00,155,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV:64bit: - [2009/08/18 11:48:02 | 02,291,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2009/01/27 14:32:20 | 00,949,248 | ---- | M] () -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/01/20 18:52:15 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV:64bit: - [2008/01/20 18:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/10/09 18:59:08 | 00,238,328 | ---- | M] (WildTangent, Inc.) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/09/17 13:29:04 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/09/15 09:23:54 | 00,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/08/07 16:15:06 | 00,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/03/17 12:25:40 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2008/12/04 07:12:10 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/11/19 18:23:16 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/09/30 16:59:26 | 00,192,512 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe -- (HPBtnSrv)
SRV - [2008/07/27 10:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/27 10:01:49 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/06/19 17:17:12 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/06/19 17:16:53 | 00,859,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/03/25 20:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/01/20 18:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2008/01/20 18:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2006/11/02 07:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/11/02 05:34:14 | 00,000,000 | ---D | M] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/01 22:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/01 22:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/09/16 09:22:40 | 00,308,296 | ---- | M] () -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2009/09/16 09:22:40 | 00,102,472 | ---- | M] () -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2009/09/16 09:22:40 | 00,049,480 | ---- | M] () -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2009/09/16 09:15:38 | 00,040,904 | ---- | M] () -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009/07/16 11:32:26 | 00,176,144 | ---- | M] () -- C:\Windows\SysNative\Drivers\Mpfp.sys -- (MPFP)
DRV:64bit: - [2009/02/02 10:59:18 | 00,023,536 | ---- | M] (PC-Doctor, Inc.) -- c:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms -- (PCDSRVC{F36B3A4C-F95654BD-06000000}_0)
DRV:64bit: - [2009/01/27 15:52:08 | 05,171,200 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/01/20 06:49:48 | 00,195,584 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/09/18 09:39:50 | 01,168,384 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2006/11/01 21:28:10 | 00,273,920 | ---- | M] () -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV - [2009/10/12 20:24:56 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/10/12 20:24:54 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/12 20:24:52 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2006/09/18 13:36:40 | 00,003,066 | ---- | M] () -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 13:35:23 | 00,001,088 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2504864241-4246784017-3457649832-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
IE - HKU\S-1-5-21-2504864241-4246784017-3457649832-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-2504864241-4246784017-3457649832-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-2504864241-4246784017-3457649832-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-2504864241-4246784017-3457649832-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-2504864241-4246784017-3457649832-1000\S-1-5-21-2504864241-4246784017-3457649832-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://msn.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: msntoolbar@msn.com:4.0
FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5

FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0205.2\Firefox [2009/10/14 16:19:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2009/10/14 16:19:26 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/17 06:02:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/11/06 20:01:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/11/06 20:01:06 | 00,000,000 | ---D | M]

[2009/10/14 17:20:36 | 00,000,000 | ---D | M] -- C:\Users\Ganton\AppData\Roaming\Mozilla\Extensions
[2009/10/14 17:20:36 | 00,000,000 | ---D | M] -- C:\Users\Ganton\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/09 12:12:03 | 00,000,000 | ---D | M] -- C:\Users\Ganton\AppData\Roaming\Mozilla\Firefox\Profiles\yple1fjq.default\extensions
[2009/10/19 11:48:37 | 00,000,000 | ---D | M] -- C:\Users\Ganton\AppData\Roaming\Mozilla\Firefox\Profiles\yple1fjq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/22 19:46:31 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/11/06 20:01:06 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/17 13:48:31 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/11/06 20:01:04 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/06 20:01:04 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2009/10/17 13:48:13 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeploytk.dll
[2009/11/06 20:01:05 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 19:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
[2009/08/24 10:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/08/24 10:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2009/08/24 10:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/08/24 10:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2009/08/24 10:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2009/08/24 10:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/08/24 10:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O3 - HKU\S-1-5-21-2504864241-4246784017-3457649832-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2504864241-4246784017-3457649832-1000..\Run: [Google Update] C:\Users\Ganton\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-2504864241-4246784017-3457649832-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2504864241-4246784017-3457649832-1000\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/bingame/chnz/default/mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.150 68.87.85.102
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/03 06:34:36 | 05,939,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/11/03 06:34:35 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.tlb
[2009/11/02 20:20:06 | 00,000,000 | ---D | C] -- C:\rsit
[2009/11/02 20:20:06 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2009/11/01 08:55:19 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Free Window Registry Repair
[2009/10/28 05:37:58 | 00,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unregmp2.exe
[2009/10/28 05:37:57 | 10,624,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2009/10/28 05:37:55 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2009/10/25 19:18:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2009/10/24 19:42:44 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2009/10/24 16:14:13 | 00,000,000 | ---D | C] -- C:\Users\Ganton\AppData\Roaming\DriverCure
[2009/10/24 16:14:08 | 00,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2009/10/24 16:14:08 | 00,000,000 | ---D | C] -- C:\ProgramData\DriverCure
[2009/10/24 16:14:08 | 00,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2009/10/24 16:14:08 | 00,000,000 | ---D | C] -- C:\ProgramData\DriverCure
[2009/10/22 19:50:07 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee
[2009/10/22 19:50:05 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009/10/22 19:50:04 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/10/22 19:50:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee.com
[2009/10/22 19:50:00 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee
[2009/10/22 19:39:02 | 00,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2009/10/22 19:39:02 | 00,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2009/10/21 11:39:56 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009/10/21 11:21:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live Safety Center
[2009/10/20 20:34:15 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2009/10/20 20:29:36 | 00,000,000 | ---D | C] -- C:\ProgramData\MumboJumbo
[2009/10/20 20:29:36 | 00,000,000 | ---D | C] -- C:\ProgramData\MumboJumbo
[2009/10/20 17:21:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2009/10/20 17:09:51 | 49,554,488 | ---- | C] (Norman ASA) -- C:\Users\Ganton\Desktop\Norman_Malware_Cleaner.exe
[2009/10/20 16:47:43 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Easy Assist
[2009/10/20 16:47:21 | 00,000,000 | ---D | C] -- C:\ProgramData\Applications
[2009/10/20 16:47:21 | 00,000,000 | ---D | C] -- C:\ProgramData\Applications
[2009/10/19 16:38:01 | 00,000,000 | ---D | C] -- C:\Users\Ganton\AppData\Roaming\Malwarebytes
[2009/10/19 16:37:57 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/10/19 16:37:55 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/10/19 16:37:55 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/10/19 16:37:55 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/10/19 16:09:30 | 00,000,000 | ---D | C] -- C:\Users\Ganton\AppData\Local\Symantec
[2009/10/18 20:40:48 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\WON
[2009/10/18 20:40:22 | 00,000,000 | ---D | C] -- C:\Sierra
[2009/10/17 15:04:49 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2009/10/17 14:41:05 | 00,000,000 | ---D | C] -- C:\Users\Ganton\Documents\My Scans
[2009/10/17 14:35:58 | 00,000,000 | ---D | C] -- C:\Users\Ganton\AppData\Roaming\Printer Info Cache
[2009/10/17 14:35:53 | 00,000,000 | ---D | C] -- C:\Users\Ganton\AppData\Roaming\Image Zone Express
[2009/10/17 14:25:54 | 00,000,000 | ---D | C] -- C:\Users\Ganton\AppData\Local\Adobe
[2009/10/17 14:24:33 | 00,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2009/10/17 14:24:33 | 00,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2009/10/17 14:24:30 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2009/10/17 14:24:30 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2009/10/17 13:48:30 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deploytk.dll
[2009/10/17 13:48:30 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2009/10/17 13:48:30 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2009/10/17 13:48:30 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2009/10/17 13:48:09 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2009/10/17 06:06:44 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2009/10/17 06:06:42 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2009/10/17 06:06:42 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2009/10/17 06:06:41 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2009/10/17 06:06:41 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2009/10/17 06:06:40 | 00,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2009/10/17 06:06:40 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2009/10/17 06:06:40 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2009/10/17 06:06:39 | 01,208,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\urlmon.dll
[2009/10/17 06:06:39 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2009/10/17 06:06:39 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2009/10/17 06:06:39 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2009/10/17 06:06:38 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iertutil.dll
[2009/10/17 06:06:38 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2009/10/17 06:06:38 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2009/10/17 06:06:37 | 11,069,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieframe.dll
[2009/10/17 06:06:35 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2009/10/17 06:06:35 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2009/10/17 06:04:39 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll
[2009/10/17 06:04:39 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2009/10/17 06:04:39 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2009/10/17 06:04:38 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2009/10/17 06:04:38 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\corpol.dll
[2009/10/17 06:04:36 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2009/10/17 06:04:35 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2009/10/17 06:04:34 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2009/10/17 06:04:34 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2009/10/17 06:04:33 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2009/10/17 06:04:31 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2009/10/17 06:04:31 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2009/10/17 06:04:31 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2009/10/17 06:04:31 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2009/10/17 06:04:28 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webcheck.dll
[2009/10/17 06:04:28 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2009/10/17 06:04:28 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2009/10/17 06:04:28 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2009/10/17 06:04:28 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2009/10/17 06:04:28 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2009/10/17 06:04:27 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2009/10/17 06:04:27 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WinFXDocObj.exe
[2009/10/17 06:04:27 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2009/10/17 06:04:26 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2009/10/17 06:04:26 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2009/10/17 06:04:25 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2009/10/17 06:04:25 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2009/10/17 06:04:25 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshta.exe
[2009/10/17 06:04:24 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2009/10/17 06:04:24 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PDMSetup.exe
[2009/10/17 06:04:24 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2009/10/17 06:04:24 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2009/10/17 06:04:24 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetDepNx.exe
[2009/10/15 16:33:01 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2009/10/15 16:29:38 | 00,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2009/10/15 16:29:38 | 00,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2009/10/15 16:25:35 | 00,000,000 | ---D | C] -- C:\Users\Ganton\AppData\Roaming\WinBatch
[2009/10/15 15:43:29 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/10/15 15:43:29 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/10/15 15:42:58 | 00,000,000 | ---D | C] -- C:\Users\Ganton\AppData\Roaming\SUPERAntiSpyware.com
[2009/10/15 15:42:58 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2009/10/15 15:42:00 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2009/10/15 11:25:25 | 00,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2009/10/15 11:25:25 | 00,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2009/10/15 11:19:17 | 00,000,000 | ---D | C] -- C:\Users\Ganton\AppData\Roaming\HP
[2009/10/15 11:12:40 | 00,000,000 | ---D | C] -- C:\ProgramData\HPSSUPPLY
[2009/10/15 11:12:40 | 00,000,000 | ---D | C] -- C:\ProgramData\HPSSUPPLY
[2009/10/15 11:10:07 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2009/10/15 11:09:37 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2009/10/15 05:54:03 | 00,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2009/10/15 05:54:03 | 00,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2009/10/14 21:48:56 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\infocardcpl.cpl
[2009/10/14 21:48:52 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2009/10/14 21:48:52 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardres.dll
[2009/10/14 21:48:51 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationNative_v0300.dll
[2009/10/14 21:48:51 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardagt.exe
[2009/10/14 21:48:51 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\infocardapi.dll
[2009/10/14 21:48:46 | 00,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2009/10/14 21:48:43 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2009/10/14 21:42:51 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2009/10/14 21:42:43 | 00,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2009/10/14 21:42:37 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscoree.dll
[2009/10/14 21:42:31 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscorier.dll
[2009/10/14 21:42:27 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscories.dll
[2009/10/14 20:42:51 | 00,000,000 | ---D | C] -- C:\Users\Ganton\AppData\Roaming\Hoyle FaceCreator
[2009/10/14 20:42:51 | 00,000,000 | ---D | C] -- C:\Users\Ganton\AppData\Roaming\Hoyle Card Games
[2009/10/14 20:04:36 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Activation Assistant for the 2007 Microsoft Office suites
[2009/10/14 20:04:31 | 00,000,000 | ---D | C] -- C:\Users\Ganton\AppData\Local\Seven Zip
[2009/10/14 20:03:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2009/10/14 20:03:16 | 00,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2009/10/14 20:03:16 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2009/10/14 20:02:15 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2009/10/14 20:01:00 | 00,000,000 | ---D | C] -- C:\Users\Ganton\AppData\Local\Microsoft Help
[2009/10/14 20:00:58 | 00,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2009/10/14 20:00:58 | 00,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2009/10/14 19:59:41 | 00,000,000 | RH-D | C] -- C:\MSOCache
[2009/10/14 19:56:29 | 00,000,000 | -H-D | C] -- C:\Config.Msi
[2009/10/14 19:55:42 | 00,000,000 | ---D | C] -- C:\ProgramData\HP
[2009/10/14 19:55:42 | 00,000,000 | ---D | C] -- C:\ProgramData\HP
[2009/10/14 19:43:49 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
[2009/10/14 19:43:49 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
[2009/10/14 19:04:50 | 00,000,000 | ---D | C] -- C:\Users\Ganton\AppData\Roaming\WildTangent
[2009/10/14 18:19:46 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2009/10/14 18:13:25 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2009/10/14 18:13:24 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2009/10/14 18:13:22 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2009/10/14 18:13:19 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2009/10/14 18:13:19 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2009/10/14 18:12:55 | 00,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netiohlp.dll
[2009/10/14 18:12:54 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NETSTAT.EXE
[2009/10/14 18:12:54 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ARP.EXE
[2009/10/14 18:12:54 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\finger.exe
[2009/10/14 18:12:54 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TCPSVCS.EXE
[2009/10/14 18:12:54 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\HOSTNAME.EXE
[2009/10/14 18:12:53 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ROUTE.EXE
[2009/10/14 18:12:53 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRINFO.EXE
[2009/10/14 18:12:52 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2009/10/14 17:59:28 | 02,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2009/10/14 17:59:28 | 02,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVCORE.DLL
[2009/10/14 17:59:24 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2009/10/14 17:59:23 | 04,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2009/10/14 17:59:20 | 00,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rpcrt4.dll
[2009/10/14 17:59:15 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\kerberos.dll
[2009/10/14 17:59:15 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schannel.dll
[2009/10/14 17:59:13 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msasn1.dll
[2009/10/14 17:59:11 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2009/10/14 17:58:59 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2009/10/14 17:58:51 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpdxm.dll
[2009/10/14 17:58:50 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwmp.dll
[2009/10/14 17:58:49 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.ocx
[2009/10/14 17:58:49 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxmasf.dll
[2009/10/14 17:58:48 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.tlb
[2009/10/14 17:58:48 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\amcompat.tlb
[2009/10/14 17:58:44 | 00,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msv1_0.dll
[2009/10/14 17:58:44 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wdigest.dll
[2009/10/14 17:58:44 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secur32.dll
[2009/10/14 17:58:41 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2009/10/14 17:58:33 | 00,636,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\localspl.dll
[2009/10/14 17:58:31 | 00,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceApi.dll
[2009/10/14 17:58:29 | 00,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2009/10/14 17:58:29 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2009/10/14 17:58:29 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2009/10/14 17:58:29 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dciman32.dll
[2009/10/14 17:58:27 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOD.DLL
[2009/10/14 17:58:21 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Faultrep.dll
[2009/10/14 17:58:20 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\atl.dll
[2009/10/14 17:58:17 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tzres.dll
[2009/10/14 17:50:46 | 00,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlansec.dll
[2009/10/14 17:50:46 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanmsm.dll
[2009/10/14 17:50:46 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\L2SecHC.dll
[2009/10/14 17:44:57 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2009/10/14 17:44:57 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2009/10/14 17:44:57 | 00,034,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2009/10/14 17:44:53 | 00,162,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2009/10/14 17:44:53 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2009/10/14 17:20:09 | 00,000,000 | ---D | C] -- C:\Users\Ganton\AppData\Roaming\Mozilla
[2009/10/14 17:20:09 | 00,000,000 | ---D | C] -- C:\Users\Ganton\AppData\Local\Mozilla
[2009/10/14 17:20:03 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2009/10/14 17:10:21 | 00,000,000 | ---D | C] -- C:\Users\Ganton\Documents\Downloads
[2009/10/14 17:05:34 | 00,000,000 | ---D | C] -- C:\Users\Ganton\AppData\Local\Google
[2009/10/14 17:05:26 | 00,000,000 | ---D | C] -- C:\Users\Ganton\AppData\Local\Apps
[2009/10/14 17:05:25 | 00,000,000 | ---D | C] -- C:\Users\Ganton\AppData\Local\Deployment
[2009/10/14 16:19:24 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar
[2009/10/14 16:18:33 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar Installer
[2009/10/14 16:16:54 | 00,000,000 | ---D | C] -- C:\Users\Ganton\AppData\Roaming\Macromedia
[2009/10/14 16:16:51 | 00,000,000 | ---D | C] -- C:\Users\Ganton\AppData\Roaming\Adobe
[2009/10/14 16:01:36 | 00,000,000 | ---D | C] -- C:\Users\Ganton\AppData\Roaming\ATI
[2009/10/14 16:01:36 | 00,000,000 | ---D | C] -- C:\Users\Ganton\AppData\Local\ATI
[2009/10/14 16:00:53 | 00,000,000 | ---D | C] -- C:\Users\Ganton\AppData\Roaming\Hewlett-Packard
[2009/10/14 16:00:40 | 00,000,000 | ---D | C] -- C:\Users\Ganton\AppData\Local\Hewlett-Packard
[2009/10/14 16:00:36 | 00,000,000 | ---D | C] -- C:\Users\Ganton\AppData\Roaming\PictureMover
[2009/10/14 16:00:28 | 00,000,000 | R--D | C] -- C:\Users\Ganton\Searches
[2009/10/14 16:00:22 | 00,000,000 | ---D | C] -- C:\Users\Ganton\AppData\Roaming\Identities
[2009/10/14 16:00:20 | 00,000,000 | R--D | C] -- C:\Users\Ganton\Contacts
[2009/10/14 15:50:46 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2009/10/14 15:50:30 | 00,000,000 | ---D | C] -- C:\Users\Ganton\AppData\Roaming\HP TCS
[2009/10/14 15:50:07 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2009/10/14 15:48:16 | 00,000,000 | ---D | C] -- C:\Users\Ganton\AppData\Local\VirtualStore
[2009/10/14 15:48:14 | 00,000,000 | -HSD | C] -- C:\Users\Ganton\Templates
[2009/10/14 15:48:14 | 00,000,000 | -HSD | C] -- C:\Users\Ganton\Start Menu
[2009/10/14 15:48:14 | 00,000,000 | -HSD | C] -- C:\Users\Ganton\SendTo
[2009/10/14 15:48:14 | 00,000,000 | -HSD | C] -- C:\Users\Ganton\Recent
[2009/10/14 15:48:14 | 00,000,000 | -HSD | C] -- C:\Users\Ganton\PrintHood
[2009/10/14 15:48:14 | 00,000,000 | -HSD | C] -- C:\Users\Ganton\NetHood
[2009/10/14 15:48:14 | 00,000,000 | -HSD | C] -- C:\Users\Ganton\Documents\My Videos
[2009/10/14 15:48:14 | 00,000,000 | -HSD | C] -- C:\Users\Ganton\Documents\My Pictures
[2009/10/14 15:48:14 | 00,000,000 | -HSD | C] -- C:\Users\Ganton\Documents\My Music
[2009/10/14 15:48:14 | 00,000,000 | -HSD | C] -- C:\Users\Ganton\My Documents
[2009/10/14 15:48:14 | 00,000,000 | -HSD | C] -- C:\Users\Ganton\Local Settings
[2009/10/14 15:48:14 | 00,000,000 | -HSD | C] -- C:\Users\Ganton\Cookies
[2009/10/14 15:48:14 | 00,000,000 | -HSD | C] -- C:\Users\Ganton\Application Data
[2009/10/14 15:48:14 | 00,000,000 | -HSD | C] -- C:\Users\Ganton\AppData\Local\Temporary Internet Files
[2009/10/14 15:48:14 | 00,000,000 | -HSD | C] -- C:\Users\Ganton\AppData\Local\History
[2009/10/14 15:48:14 | 00,000,000 | -HSD | C] -- C:\Users\Ganton\AppData\Local\Application Data
[2009/10/14 15:48:13 | 00,000,000 | --SD | C] -- C:\Users\Ganton\AppData\Roaming\Microsoft
[2009/10/14 15:48:13 | 00,000,000 | R--D | C] -- C:\Users\Ganton\Videos
[2009/10/14 15:48:13 | 00,000,000 | R--D | C] -- C:\Users\Ganton\Saved Games
[2009/10/14 15:48:13 | 00,000,000 | R--D | C] -- C:\Users\Ganton\Pictures
[2009/10/14 15:48:13 | 00,000,000 | R--D | C] -- C:\Users\Ganton\Music
[2009/10/14 15:48:13 | 00,000,000 | R--D | C] -- C:\Users\Ganton\Links
[2009/10/14 15:48:13 | 00,000,000 | R--D | C] -- C:\Users\Ganton\Favorites
[2009/10/14 15:48:13 | 00,000,000 | R--D | C] -- C:\Users\Ganton\Downloads
[2009/10/14 15:48:13 | 00,000,000 | R--D | C] -- C:\Users\Ganton\Documents
[2009/10/14 15:48:13 | 00,000,000 | R--D | C] -- C:\Users\Ganton\Desktop
[2009/10/14 15:48:13 | 00,000,000 | -H-D | C] -- C:\Users\Ganton\AppData
[2009/10/14 15:48:13 | 00,000,000 | ---D | C] -- C:\Users\Ganton\AppData\Roaming\Media Center Programs
[2009/10/14 15:48:13 | 00,000,000 | ---D | C] -- C:\Users\Ganton\AppData\Local\Temp
[2009/10/14 15:48:13 | 00,000,000 | ---D | C] -- C:\Users\Ganton\AppData\Local\Microsoft

========== Files - Modified Within 30 Days ==========

[2009/11/09 20:38:58 | 01,835,008 | -HS- | M] () -- C:\Users\Ganton\NTUSER.DAT
[2009/11/09 20:36:11 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/09 20:36:11 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/09 20:26:52 | 00,010,486 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2009/11/09 20:26:24 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/09 20:19:00 | 00,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2504864241-4246784017-3457649832-1000UA.job
[2009/11/09 14:35:36 | 00,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/11/09 14:35:36 | 00,595,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/11/09 14:35:36 | 00,101,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/11/09 14:30:45 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/09 14:30:01 | 00,524,288 | -HS- | M] () -- C:\Users\Ganton\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2009/11/09 14:30:01 | 00,065,536 | -HS- | M] () -- C:\Users\Ganton\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2009/11/09 14:29:57 | 01,979,847 | -H-- | M] () -- C:\Users\Ganton\AppData\Local\IconCache.db
[2009/11/09 13:19:02 | 00,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2504864241-4246784017-3457649832-1000Core.job
[2009/11/08 14:19:40 | 00,002,049 | ---- | M] () -- C:\Users\Ganton\Desktop\Google Chrome.lnk
[2009/11/01 08:55:20 | 00,000,872 | ---- | M] () -- C:\Users\Ganton\Desktop\Free Window Registry Repair.lnk
[2009/11/01 07:59:50 | 00,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/01 07:40:19 | 00,000,844 | ---- | M] () -- C:\Users\Ganton\Desktop\SpywareBlaster.lnk
[2009/10/25 11:18:56 | 00,010,645 | ---- | M] () -- C:\Users\Ganton\Documents\John and Mitch of the Party Of N.docx
[2009/10/24 15:54:40 | 00,002,593 | ---- | M] () -- C:\Users\Public\Desktop\HP MediaSmart.lnk
[2009/10/22 19:54:34 | 00,000,342 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2009/10/22 19:54:34 | 00,000,320 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2009/10/22 19:52:18 | 00,000,843 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2009/10/22 17:27:44 | 00,010,916 | ---- | M] () -- C:\Users\Ganton\Documents\October 17 Letter to PEMCO.docx
[2009/10/21 18:14:52 | 09,236,480 | ---- | M] () -- C:\Windows\SysNative\mshtml.dll
[2009/10/21 14:36:56 | 01,638,912 | ---- | M] () -- C:\Windows\SysNative\mshtml.tlb
[2009/10/21 04:54:43 | 00,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2009/10/21 04:54:43 | 00,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2009/10/21 02:40:08 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/10/21 00:19:16 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.tlb
[2009/10/20 20:29:55 | 00,000,022 | ---- | M] () -- C:\Windows\iexplore.ini
[2009/10/20 17:10:07 | 49,554,488 | ---- | M] (Norman ASA) -- C:\Users\Ganton\Desktop\Norman_Malware_Cleaner.exe
[2009/10/20 05:24:06 | 00,000,680 | ---- | M] () -- C:\Users\Ganton\AppData\Local\d3d9caps.dat
[2009/10/17 20:00:51 | 00,000,436 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Ganton - Full System Scan.job
[2009/10/17 14:24:43 | 00,001,919 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/10/17 13:48:13 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2009/10/17 13:48:13 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2009/10/17 13:48:13 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2009/10/17 13:48:11 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deploytk.dll
[2009/10/17 07:00:09 | 00,077,120 | ---- | M] () -- C:\Users\Ganton\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/10/17 06:52:38 | 00,317,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2009/10/15 16:34:06 | 00,116,866 | ---- | M] () -- C:\Windows\hpqins00.dat
[2009/10/15 15:43:00 | 00,000,946 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2009/10/15 11:25:25 | 00,130,832 | ---- | M] () -- C:\Windows\hpoins18.dat
[2009/10/15 11:16:46 | 00,000,210 | ---- | M] () -- C:\Windows\win.ini
[2009/10/15 11:12:40 | 00,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk
[2009/10/15 11:12:08 | 00,002,071 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential.lnk
[2009/10/15 11:11:22 | 00,001,186 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2009/10/14 21:21:26 | 00,000,094 | -H-- | M] () -- C:\Windows\SysWow64\wup_WCody.ini
[2009/10/14 20:06:14 | 00,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2009/10/14 20:04:44 | 00,002,196 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Office - 60 Day Trial.lnk
[2009/10/14 19:04:40 | 00,000,104 | ---- | M] () -- C:\Users\Ganton\Desktop\E-mail - Shortcut.lnk
[2009/10/14 17:56:00 | 00,524,288 | -HS- | M] () -- C:\Users\Ganton\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regtrans-ms
[2009/10/14 17:20:06 | 00,001,780 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/10/14 15:49:28 | 00,001,839 | RHS- | M] () -- C:\Windows\SysWow64\drivers\103C_HP_CPC_NP238AA-ABA e9107c_YC_0Pavi_QMXX929_E93NAv6PrA3_49_IEureka3_SPEGATRON CORPORATION_V1.01_B5.03_T090428_WUH1_L409_M8191_J750_7Intel_8Core2 Quad Q8200_92.34_#_N10EC8168_Z_G1002954F.MRK
[2009/10/14 15:49:28 | 00,001,839 | RHS- | M] () -- C:\Windows\SysNative\drivers\103C_HP_CPC_NP238AA-ABA e9107c_YC_0Pavi_QMXX929_E93NAv6PrA3_49_IEureka3_SPEGATRON CORPORATION_V1.01_B5.03_T090428_WUH1_L409_M8191_J750_7Intel_8Core2 Quad Q8200_92.34_#_N10EC8168_Z_G1002954F.MRK
[2009/10/14 15:49:19 | 00,001,368 | ---- | M] () -- C:\Users\Public\Desktop\Snapfish Photos - FREE - 1st 30 Prints.lnk
[2009/10/14 15:48:14 | 00,000,020 | -HS- | M] () -- C:\Users\Ganton\ntuser.ini
[2009/10/14 15:45:08 | 00,047,092 | ---- | M] () -- C:\Windows\SysNative\license.rtf

========== Files Created - No Company Name ==========

[2009/11/03 06:34:35 | 09,236,480 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2009/11/03 06:34:35 | 01,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2009/11/01 08:55:20 | 00,000,872 | ---- | C] () -- C:\Users\Ganton\Desktop\Free Window Registry Repair.lnk
[2009/10/28 05:37:58 | 13,426,176 | ---- | C] () -- C:\Windows\SysNative\wmp.dll
[2009/10/28 05:37:58 | 00,372,736 | ---- | C] () -- C:\Windows\SysNative\unregmp2.exe
[2009/10/28 05:37:54 | 08,147,968 | ---- | C] () -- C:\Windows\SysNative\wmploc.DLL
[2009/10/25 11:18:55 | 00,010,645 | ---- | C] () -- C:\Users\Ganton\Documents\John and Mitch of the Party Of N.docx
[2009/10/24 19:42:44 | 00,000,844 | ---- | C] () -- C:\Users\Ganton\Desktop\SpywareBlaster.lnk
[2009/10/22 19:56:36 | 00,010,486 | ---- | C] () -- C:\Windows\SysNative\Config.MPF
[2009/10/22 19:52:18 | 00,000,843 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2009/10/22 19:50:42 | 00,040,904 | ---- | C] () -- C:\Windows\SysNative\drivers\mferkdk.sys
[2009/10/22 19:50:40 | 00,308,296 | ---- | C] () -- C:\Windows\SysNative\drivers\mfehidk.sys
[2009/10/22 19:50:40 | 00,102,472 | ---- | C] () -- C:\Windows\SysNative\drivers\mfeavfk.sys
[2009/10/22 19:50:40 | 00,049,480 | ---- | C] () -- C:\Windows\SysNative\drivers\mfesmfk.sys
[2009/10/22 19:50:33 | 00,176,144 | ---- | C] () -- C:\Windows\SysNative\drivers\Mpfp.sys
[2009/10/22 19:50:20 | 00,000,342 | ---- | C] () -- C:\Windows\tasks\McDefragTask.job
[2009/10/22 19:50:18 | 00,000,320 | ---- | C] () -- C:\Windows\tasks\McQcTask.job
[2009/10/21 04:54:43 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/10/21 04:54:43 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/10/20 20:29:55 | 00,000,022 | ---- | C] () -- C:\Windows\iexplore.ini
[2009/10/19 19:11:30 | 00,000,680 | ---- | C] () -- C:\Users\Ganton\AppData\Local\d3d9caps.dat
[2009/10/19 16:37:59 | 00,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/19 16:37:55 | 00,022,104 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2009/10/17 15:04:49 | 00,818,176 | ---- | C] () -- C:\Windows\SysNative\jscript.dll
[2009/10/17 14:24:43 | 00,001,919 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/10/17 06:06:44 | 00,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2009/10/17 06:06:42 | 00,700,928 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2009/10/17 06:06:42 | 00,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2009/10/17 06:06:42 | 00,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2009/10/17 06:06:42 | 00,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2009/10/17 06:06:40 | 01,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2009/10/17 06:06:40 | 00,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2009/10/17 06:06:40 | 00,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2009/10/17 06:06:40 | 00,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2009/10/17 06:06:40 | 00,057,667 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2009/10/17 06:06:40 | 00,057,667 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2009/10/17 06:06:40 | 00,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2009/10/17 06:06:39 | 01,484,288 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2009/10/17 06:06:39 | 00,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2009/10/17 06:06:39 | 00,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2009/10/17 06:06:38 | 02,334,208 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2009/10/17 06:06:37 | 12,461,568 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2009/10/17 06:06:37 | 01,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2009/10/17 06:06:35 | 00,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2009/10/17 06:06:35 | 00,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2009/10/17 06:04:41 | 00,088,064 | ---- | C] () -- C:\Windows\SysNative\admparse.dll
[2009/10/17 06:04:40 | 00,161,792 | ---- | C] () -- C:\Windows\SysNative\advpack.dll
[2009/10/17 06:04:40 | 00,022,528 | ---- | C] () -- C:\Windows\SysNative\corpol.dll
[2009/10/17 06:04:39 | 00,085,504 | ---- | C] () -- C:\Windows\SysNative\icardie.dll
[2009/10/17 06:04:38 | 00,157,696 | ---- | C] () -- C:\Windows\SysNative\ieakeng.dll
[2009/10/17 06:04:37 | 00,223,232 | ---- | C] () -- C:\Windows\SysNative\msls31.dll
[2009/10/17 06:04:36 | 00,077,824 | ---- | C] () -- C:\Windows\SysNative\tdc.ocx
[2009/10/17 06:04:36 | 00,052,736 | ---- | C] () -- C:\Windows\SysNative\imgutil.dll
[2009/10/17 06:04:35 | 00,125,952 | ---- | C] () -- C:\Windows\SysNative\inseng.dll
[2009/10/17 06:04:35 | 00,055,808 | ---- | C] () -- C:\Windows\SysNative\licmgr10.dll
[2009/10/17 06:04:34 | 00,076,288 | ---- | C] () -- C:\Windows\SysNative\wextract.exe
[2009/10/17 06:04:34 | 00,063,488 | ---- | C] () -- C:\Windows\SysNative\pngfilt.dll
[2009/10/17 06:04:33 | 00,481,280 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll
[2009/10/17 06:04:31 | 00,508,416 | ---- | C] () -- C:\Windows\SysNative\dxtmsft.dll
[2009/10/17 06:04:31 | 00,318,464 | ---- | C] () -- C:\Windows\SysNative\dxtrans.dll
[2009/10/17 06:04:30 | 01,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2009/10/17 06:04:30 | 00,096,768 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
[2009/10/17 06:04:28 | 00,304,640 | ---- | C] () -- C:\Windows\SysNative\webcheck.dll
[2009/10/17 06:04:28 | 00,271,872 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll
[2009/10/17 06:04:27 | 00,278,528 | ---- | C] () -- C:\Windows\SysNative\WinFXDocObj.exe
[2009/10/17 06:04:27 | 00,241,664 | ---- | C] () -- C:\Windows\SysNative\msrating.dll
[2009/10/17 06:04:27 | 00,163,840 | ---- | C] () -- C:\Windows\SysNative\ieakui.dll
[2009/10/17 06:04:27 | 00,131,584 | ---- | C] () -- C:\Windows\SysNative\PDMSetup.exe
[2009/10/17 06:04:27 | 00,129,024 | ---- | C] () -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2009/10/17 06:04:27 | 00,128,512 | ---- | C] () -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2009/10/17 06:04:27 | 00,125,440 | ---- | C] () -- C:\Windows\SysNative\SetDepNx.exe
[2009/10/17 06:04:27 | 00,041,984 | ---- | C] () -- C:\Windows\SysNative\mshta.exe
[2009/10/17 06:04:26 | 00,612,864 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
[2009/10/17 06:04:26 | 00,108,032 | ---- | C] () -- C:\Windows\SysNative\url.dll
[2009/10/17 06:04:26 | 00,048,128 | ---- | C] () -- C:\Windows\SysNative\mshtmler.dll
[2009/10/17 06:04:25 | 00,479,744 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2009/10/17 06:04:24 | 03,698,584 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dat
[2009/10/17 06:04:24 | 00,193,536 | ---- | C] () -- C:\Windows\SysNative\iexpress.exe
[2009/10/16 19:57:44 | 00,010,916 | ---- | C] () -- C:\Users\Ganton\Documents\October 17 Letter to PEMCO.docx
[2009/10/15 16:31:43 | 00,116,866 | ---- | C] () -- C:\Windows\hpqins00.dat
[2009/10/15 15:43:00 | 00,000,946 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2009/10/15 11:12:40 | 00,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk
[2009/10/15 11:12:08 | 00,002,071 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Essential.lnk
[2009/10/15 11:11:22 | 00,001,186 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2009/10/15 11:06:03 | 00,130,832 | ---- | C] () -- C:\Windows\hpoins18.dat
[2009/10/15 11:04:32 | 00,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2009/10/14 21:48:56 | 00,049,160 | ---- | C] () -- C:\Windows\SysNative\infocardcpl.cpl
[2009/10/14 21:48:53 | 00,011,264 | ---- | C] () -- C:\Windows\SysNative\icardres.dll
[2009/10/14 21:48:52 | 00,052,760 | ---- | C] () -- C:\Windows\SysNative\PresentationHostProxy.dll
[2009/10/14 21:48:51 | 01,383,936 | ---- | C] () -- C:\Windows\SysNative\icardagt.exe
[2009/10/14 21:48:51 | 01,168,928 | ---- | C] () -- C:\Windows\SysNative\PresentationNative_v0300.dll
[2009/10/14 21:48:51 | 00,167,432 | ---- | C] () -- C:\Windows\SysNative\infocardapi.dll
[2009/10/14 21:48:45 | 00,126,520 | ---- | C] () -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2009/10/14 21:48:43 | 00,357,904 | ---- | C] () -- C:\Windows\SysNative\PresentationHost.exe
[2009/10/14 21:42:51 | 00,013,824 | ---- | C] () -- C:\Windows\SysNative\netfxperf.dll
[2009/10/14 21:42:43 | 00,112,120 | ---- | C] () -- C:\Windows\SysNative\dfshim.dll
[2009/10/14 21:42:37 | 00,406,528 | ---- | C] () -- C:\Windows\SysNative\mscoree.dll
[2009/10/14 21:42:31 | 00,158,208 | ---- | C] () -- C:\Windows\SysNative\mscorier.dll
[2009/10/14 21:42:28 | 00,076,288 | ---- | C] () -- C:\Windows\SysNative\mscories.dll
[2009/10/14 21:21:26 | 00,000,094 | -H-- | C] () -- C:\Windows\SysWow64\wup_WCody.ini
[2009/10/14 20:04:44 | 00,002,196 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Office - 60 Day Trial.lnk
[2009/10/14 19:56:42 | 00,130,048 | ---- | C] () -- C:\Windows\SysNative\hpz3l4v2.dll
[2009/10/14 19:55:39 | 00,338,944 | ---- | C] () -- C:\Windows\SysNative\hpzids40.dll
[2009/10/14 19:04:40 | 00,000,104 | ---- | C] () -- C:\Users\Ganton\Desktop\E-mail - Shortcut.lnk
[2009/10/14 18:13:23 | 00,558,592 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll
[2009/10/14 18:13:20 | 00,289,792 | ---- | C] () -- C:\Windows\SysNative\psisrndr.ax
[2009/10/14 18:13:18 | 00,375,808 | ---- | C] () -- C:\Windows\SysNative\psisdecd.dll
[2009/10/14 18:13:17 | 00,227,328 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax
[2009/10/14 18:13:17 | 00,101,376 | ---- | C] () -- C:\Windows\SysNative\MSNP.ax
[2009/10/14 18:12:55 | 01,418,840 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2009/10/14 18:12:55 | 00,141,312 | ---- | C] () -- C:\Windows\SysNative\netiohlp.dll
[2009/10/14 18:12:54 | 00,032,256 | ---- | C] () -- C:\Windows\SysNative\NETSTAT.EXE
[2009/10/14 18:12:54 | 00,023,040 | ---- | C] () -- C:\Windows\SysNative\ARP.EXE
[2009/10/14 18:12:54 | 00,012,800 | ---- | C] () -- C:\Windows\SysNative\MRINFO.EXE
[2009/10/14 18:12:54 | 00,010,752 | ---- | C] () -- C:\Windows\SysNative\TCPSVCS.EXE
[2009/10/14 18:12:53 | 00,021,504 | ---- | C] () -- C:\Windows\SysNative\ROUTE.EXE
[2009/10/14 18:12:53 | 00,011,264 | ---- | C] () -- C:\Windows\SysNative\finger.exe
[2009/10/14 18:12:53 | 00,010,240 | ---- | C] () -- C:\Windows\SysNative\HOSTNAME.EXE
[2009/10/14 18:12:52 | 00,017,920 | ---- | C] () -- C:\Windows\SysNative\netevent.dll
[2009/10/14 18:09:05 | 00,000,552 | ---- | C] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2009/10/14 17:59:29 | 02,900,480 | ---- | C] () -- C:\Windows\SysNative\WMVCORE.DLL
[2009/10/14 17:59:28 | 03,547,136 | ---- | C] () -- C:\Windows\SysNative\mf.dll
[2009/10/14 17:59:23 | 04,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2009/10/14 17:59:23 | 00,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
[2009/10/14 17:59:20 | 01,280,512 | ---- | C] () -- C:\Windows\SysNative\rpcrt4.dll
[2009/10/14 17:59:15 | 00,656,384 | ---- | C] () -- C:\Windows\SysNative\kerberos.dll
[2009/10/14 17:59:15 | 00,338,944 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
[2009/10/14 17:59:13 | 00,082,944 | ---- | C] () -- C:\Windows\SysNative\msasn1.dll
[2009/10/14 17:59:11 | 00,108,544 | ---- | C] () -- C:\Windows\SysNative\avifil32.dll
[2009/10/14 17:59:11 | 00,093,184 | ---- | C] () -- C:\Windows\SysNative\mciavi32.dll
[2009/10/14 17:59:11 | 00,076,800 | ---- | C] () -- C:\Windows\SysNative\avicap32.dll
[2009/10/14 17:59:08 | 00,202,752 | ---- | C] () -- C:\Windows\SysNative\wkssvc.dll
[2009/10/14 17:58:51 | 00,368,128 | ---- | C] () -- C:\Windows\SysNative\wmpdxm.dll
[2009/10/14 17:58:50 | 00,009,216 | ---- | C] () -- C:\Windows\SysNative\spwmp.dll
[2009/10/14 17:58:49 | 00,005,120 | ---- | C] () -- C:\Windows\SysNative\msdxm.ocx
[2009/10/14 17:58:49 | 00,005,120 | ---- | C] () -- C:\Windows\SysNative\dxmasf.dll
[2009/10/14 17:58:48 | 00,043,520 | ---- | C] () -- C:\Windows\SysNative\msdxm.tlb
[2009/10/14 17:58:48 | 00,018,432 | ---- | C] () -- C:\Windows\SysNative\amcompat.tlb
[2009/10/14 17:58:45 | 01,692,160 | ---- | C] () -- C:\Windows\SysNative\lsasrv.dll
[2009/10/14 17:58:44 | 00,515,656 | ---- | C] () -- C:\Windows\SysNative\drivers\ksecdd.sys
[2009/10/14 17:58:44 | 00,268,800 | ---- | C] () -- C:\Windows\SysNative\msv1_0.dll
[2009/10/14 17:58:44 | 00,205,312 | ---- | C] () -- C:\Windows\SysNative\wdigest.dll
[2009/10/14 17:58:44 | 00,094,720 | ---- | C] () -- C:\Windows\SysNative\secur32.dll
[2009/10/14 17:58:44 | 00,011,264 | ---- | C] () -- C:\Windows\SysNative\lsass.exe
[2009/10/14 17:58:42 | 02,423,296 | ---- | C] () -- C:\Windows\SysNative\mstscax.dll
[2009/10/14 17:58:35 | 04,691,016 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2009/10/14 17:58:33 | 00,791,552 | ---- | C] () -- C:\Windows\SysNative\localspl.dll
[2009/10/14 17:58:32 | 00,324,608 | ---- | C] () -- C:\Windows\SysNative\PortableDeviceApi.dll
[2009/10/14 17:58:29 | 00,366,080 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
[2009/10/14 17:58:29 | 00,189,440 | ---- | C] () -- C:\Windows\SysNative\t2embed.dll
[2009/10/14 17:58:29 | 00,096,256 | ---- | C] () -- C:\Windows\SysNative\fontsub.dll
[2009/10/14 17:58:29 | 00,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
[2009/10/14 17:58:27 | 00,818,688 | ---- | C] () -- C:\Windows\SysNative\WMSPDMOD.DLL
[2009/10/14 17:58:24 | 02,743,296 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2009/10/14 17:58:22 | 00,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2009/10/14 17:58:21 | 00,176,640 | ---- | C] () -- C:\Windows\SysNative\Faultrep.dll
[2009/10/14 17:58:21 | 00,120,832 | ---- | C] () -- C:\Windows\SysNative\wersvc.dll
[2009/10/14 17:58:20 | 00,088,576 | ---- | C] () -- C:\Windows\SysNative\atl.dll
[2009/10/14 17:58:17 | 00,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2009/10/14 17:55:57 | 01,979,847 | -H-- | C] () -- C:\Users\Ganton\AppData\Local\IconCache.db
[2009/10/14 17:50:46 | 02,608,803 | ---- | C] () -- C:\Windows\SysNative\wlan.tmf
[2009/10/14 17:50:46 | 00,615,936 | ---- | C] () -- C:\Windows\SysNative\wlansvc.dll
[2009/10/14 17:50:46 | 00,376,832 | ---- | C] () -- C:\Windows\SysNative\wlansec.dll
[2009/10/14 17:50:46 | 00,353,280 | ---- | C] () -- C:\Windows\SysNative\wlanmsm.dll
[2009/10/14 17:50:46 | 00,157,184 | ---- | C] () -- C:\Windows\SysNative\L2SecHC.dll
[2009/10/14 17:50:46 | 00,097,792 | ---- | C] () -- C:\Windows\SysNative\wlanhlp.dll
[2009/10/14 17:50:46 | 00,086,528 | ---- | C] () -- C:\Windows\SysNative\wlanapi.dll
[2009/10/14 17:45:10 | 02,289,688 | ---- | C] () -- C:\Windows\SysNative\wuaueng.dll
[2009/10/14 17:45:10 | 01,717,248 | ---- | C] () -- C:\Windows\SysNative\wucltux.dll
[2009/10/14 17:45:10 | 00,054,296 | ---- | C] () -- C:\Windows\SysNative\wuauclt.exe
[2009/10/14 17:45:10 | 00,043,032 | ---- | C] () -- C:\Windows\SysNative\wups2.dll
[2009/10/14 17:44:57 | 00,685,592 | ---- | C] () -- C:\Windows\SysNative\wuapi.dll
[2009/10/14 17:44:57 | 00,093,184 | ---- | C] () -- C:\Windows\SysNative\wudriver.dll
[2009/10/14 17:44:57 | 00,035,352 | ---- | C] () -- C:\Windows\SysNative\wups.dll
[2009/10/14 17:44:53 | 00,175,376 | ---- | C] () -- C:\Windows\SysNative\wuwebv.dll
[2009/10/14 17:44:53 | 00,033,792 | ---- | C] () -- C:\Windows\SysNative\wuapp.exe
[2009/10/14 17:31:18 | 00,000,436 | ---- | C] () -- C:\Windows\tasks\Norton Internet Security - Ganton - Full System Scan.job
[2009/10/14 17:20:06 | 00,001,780 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/10/14 17:10:09 | 00,002,049 | ---- | C] () -- C:\Users\Ganton\Desktop\Google Chrome.lnk
[2009/10/14 17:09:02 | 00,004,470 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/10/14 17:05:36 | 00,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2504864241-4246784017-3457649832-1000UA.job
[2009/10/14 17:05:35 | 00,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2504864241-4246784017-3457649832-1000Core.job
[2009/10/14 16:10:01 | 00,238,960 | ---- | C] () -- C:\Windows\SysNative\MpSigStub.exe
[2009/10/14 15:58:32 | 00,077,120 | ---- | C] () -- C:\Users\Ganton\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/10/14 15:49:22 | 00,001,839 | RHS- | C] () -- C:\Windows\SysWow64\drivers\103C_HP_CPC_NP238AA-ABA e9107c_YC_0Pavi_QMXX929_E93NAv6PrA3_49_IEureka3_SPEGATRON CORPORATION_V1.01_B5.03_T090428_WUH1_L409_M8191_J750_7Intel_8Core2 Quad Q8200_92.34_#_N10EC8168_Z_G1002954F.MRK
[2009/10/14 15:49:22 | 00,001,839 | RHS- | C] () -- C:\Windows\SysNative\drivers\103C_HP_CPC_NP238AA-ABA e9107c_YC_0Pavi_QMXX929_E93NAv6PrA3_49_IEureka3_SPEGATRON CORPORATION_V1.01_B5.03_T090428_WUH1_L409_M8191_J750_7Intel_8Core2 Quad Q8200_92.34_#_N10EC8168_Z_G1002954F.MRK
[2009/10/14 15:49:19 | 00,001,368 | ---- | C] () -- C:\Users\Public\Desktop\Snapfish Photos - FREE - 1st 30 Prints.lnk
[2009/10/14 15:48:14 | 00,000,020 | -HS- | C] () -- C:\Users\Ganton\ntuser.ini
[2009/10/14 15:48:13 | 01,835,008 | -HS- | C] () -- C:\Users\Ganton\NTUSER.DAT
[2009/10/14 15:48:13 | 00,524,288 | -HS- | C] () -- C:\Users\Ganton\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regtrans-ms
[2009/10/14 15:48:13 | 00,524,288 | -HS- | C] () -- C:\Users\Ganton\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2009/10/14 15:48:13 | 00,065,536 | -HS- | C] () -- C:\Users\Ganton\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2009/05/22 23:29:26 | 00,354,816 | ---- | C] () -- C:\Windows\SysWow64\pythoncom26.dll
[2009/05/22 23:29:26 | 00,108,032 | ---- | C] () -- C:\Windows\SysWow64\pywintypes26.dll
[2008/01/20 18:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 18:49:49 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/11/02 07:25:49 | 00,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini
[2006/11/02 07:07:25 | 00,030,808 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 07:07:25 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 07:07:25 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:07:25 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 04:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 04:34:27 | 00,000,210 | ---- | C] () -- C:\Windows\win.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:5C321E34
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2
< End of report >

Here's the Extras.Txt:

OTL Extras logfile created on: 11/9/2009 8:39:56 PM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Users\Ganton\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684.64 Gb Total Space | 637.22 Gb Free Space | 93.07% Space Free | Partition Type: NTFS
Drive D: | 14.00 Gb Total Space | 2.20 Gb Free Space | 15.69% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GANTON-PC
Current User Name: Ganton
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe ()
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe ()
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe ()
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe ()
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe ()
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe ()
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2504864241-4246784017-3457649832-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
batfile [open] -- "%1" %* File not found
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
cmdfile [open] -- "%1" %* File not found
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* ()
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 ()
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* ()
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 ()
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 ()
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* ()
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 ()
piffile [open] -- "%1" %* File not found
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" ()
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" ()
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" ()
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* ()
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* ()
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* ()
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* ()
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{337837A9-8FCC-4904-A81B-A461AB6A3ACC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{35DDBAFF-629F-45EF-A169-E49BB067F511}" = lport=139 | protocol=6 | dir=in | app=system |
"{49D711B2-0FB1-4A18-98A2-0EB3739C1468}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{575F33BE-01D4-4FB4-A8BB-81BE3BEC37E1}" = lport=137 | protocol=17 | dir=in | app=system |
"{5E415A55-D312-426C-8C13-3025B241FBDB}" = rport=138 | protocol=17 | dir=out | app=system |
"{7027FAFD-7BA4-45E6-8608-98EAD759A3F4}" = rport=137 | protocol=17 | dir=out | app=system |
"{A04E294A-2CF2-4C4B-8E75-818670DAFF3D}" = rport=445 | protocol=6 | dir=out | app=system |
"{A4EAE4B2-5E98-4A5E-B610-3F746F2564AA}" = lport=138 | protocol=17 | dir=in | app=system |
"{AE9605C4-38E1-4218-B6D0-41D72DDD925D}" = lport=445 | protocol=6 | dir=in | app=system |
"{DB1AABD3-3DAD-419C-91FA-9DFED19F97F6}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03429593-B030-4C34-924A-FB98B85EB996}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0BC70EB1-489E-453D-8993-FD5A9A4FC180}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0CD1ECF8-5565-4D95-AA64-802AE456429F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{18DEEFB3-44B8-448F-8E5D-7B9731E9C0F2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{3B921C39-99D3-4E0F-9BD7-FFCB3E941350}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5C7FA232-263A-48FC-A99F-04C64FCBDAF6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5E254310-43CC-43DA-BFCF-45424A88A631}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{7811DFA2-210D-4535-AFE2-79BC225EF233}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{7B3CF44F-C759-4D08-8A1E-57810EA4EC0F}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{7E8EA85E-3F85-4869-A32F-6734EFF2A4A6}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{890A7D1F-937F-4456-AE3E-4E1743806C61}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{9FE73CE5-1100-4DC5-A765-CC552C7ECD4A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{A5C1F325-C656-400C-B5DA-366F10BE41D4}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{ABAF20A2-3733-459F-B597-63BCDC32339C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{B5FC741B-5649-4B06-9B20-8BEBED191D83}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{BC2E1ED0-6939-4848-BAB6-AEB56C42D0B2}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{C62563E8-EE4C-4DE8-8BCD-38C27A85A824}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D626F6E5-F726-42C3-864C-0BC224C7F83E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{FB44CB24-69D7-47F8-8DE7-D025FB9E5CC7}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3E597AC0-C805-7F2C-FF91-6D2EA9368D37}" = ccc-utility64
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{52D530AD-5CCA-48dc-B6F0-6D14652B0291}" = AIO_CDA_ToolboxIni64
"{5F240DB8-0D74-4F13-86C3-929760392A8D}" = HP Remote Software
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{78F697ED-EC97-4D8D-881D-838984EA9855}" = 64 Bit HP CIO Components Installer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2E8F543-D23A-4A38-AFFC-4BDEBFBA6FDA}" = HP MediaSmart SmartMenu
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F7FF5EB8-E7C8-8096-0C33-A5B30CD2EA4C}" = ATI Catalyst Install Manager
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"PC-Doctor for Windows" = Hardware Diagnostic Tools

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0295F89F-F698-4101-9A7D-49F407EC2D82}" = HP Active Support Library
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{10133E8F-56BA-9679-B1C9-BDD2A737524D}" = Catalyst Control Center Graphics Light
"{1116E59F-AC01-B06D-024C-95E13490DE43}" = CCC Help Korean
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{1CC069FA-1A86-402E-9787-3F04E652C67A}" = HP Support Information
"{1F96599E-619C-1EBD-8BE6-F39A5029D344}" = CCC Help Finnish
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{25AEC278-A3E1-13C4-5BE3-95920A6AACB3}" = CCC Help Italian
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{290CA856-3737-4874-864B-BA142F4823C8}_is1" = HP MediaSmart Demo
"{2F2D50D7-C7A4-FAEC-4141-51B3D1DD543D}" = CCC Help Russian
"{30B2C06D-4E04-108F-84E4-DBDB3B7D9340}" = ccc-core-static
"{3260D61B-DCA6-4ec6-8A41-DCCE01BC6EE4}" = c4100_Help
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{362C65F7-571F-8396-DF58-A6A8D63444D2}" = CCC Help Swedish
"{365B9E8A-5044-F17C-ABF1-815DF62F4B51}" = CCC Help Spanish
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{444DB7A0-BB94-9942-7215-EF8165F3053B}" = Catalyst Control Center Graphics Full New
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4D80B6CD-B297-FDE8-985B-05540F73ACDF}" = CCC Help German
"{547C4A03-8402-49E9-9E94-112929185B1E}" = MSN Toolbar Platform
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{5A9AB192-3A8F-6386-6CE2-80DC9CF9DCBA}" = Catalyst Control Center Graphics Previews Vista
"{5E39F0CC-4255-66B2-F8D1-FB76C5504C47}" = Catalyst Control Center Graphics Full Existing
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66206F6F-A212-4FAC-837D-3415AA5698DC}" = Catalyst Control Center - Branding
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67431FA8-4B89-42DD-A68E-30D77F6C8D99}_is1" = HP Easy Backup
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6AEE2B0B-B3C1-4367-B1EF-FC4ED98DEED1}" = C4100
"{6DD2B3B5-FE09-E821-A930-C154DA7F70C0}" = CCC Help Polish
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72CEB52D-E5B8-B94F-0DB1-2E26F68F0394}" = Catalyst Control Center Core Implementation
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{744F6CCF-9F56-40A0-A33D-2A45D53B6046}" = Hoyle Card Games 2004
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{784BEA84-FA66-4B19-BB80-7B545F248AC6}" = HP Total Care Setup
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{88104ACD-31BA-B16E-F151-5F295D215E75}" = CCC Help Danish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C3DC8C3-E569-3A75-753F-C04904776AEA}" = Catalyst Control Center Graphics Previews Common
"{8C657345-C0C0-42F0-2107-43F3F223C99E}" = CCC Help Turkish
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{9A02FA6E-01D8-451A-F373-767C2F906F21}" = CCC Help Czech
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1
"{9F8E53F8-2B04-1CBE-80D2-722D8016BFAC}" = CCC Help French
"{A002C1C4-C17B-6269-66FA-CC113FFE4E89}" = CCC Help Japanese
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC49682F-CE9E-43D3-1556-95F4C19DCAFC}" = CCC Help Portuguese
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B84739A3-F943-47E4-95D8-96381EF5AC48}" = HP Customer Experience Enhancements
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{BC07934A-69FF-A886-E4F1-480EA39C43C3}" = CCC Help Dutch
"{BE380C5D-BE4C-08C5-8123-79AC369A8029}" = CCC Help Norwegian
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C03897FD-8FE2-A7A6-FA75-B0840CB949E0}" = CCC Help Greek
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
"{CF3C3096-003A-9FC9-4715-9FC8962E35F3}" = Catalyst Control Center InstallProxy
"{D07A3080-A281-C40D-2E1E-699F98B4F3F7}" = CCC Help Chinese Traditional
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DECD11E6-42D5-3416-AD6B-60A9093CE0CE}" = CCC Help Hungarian
"{DEF45232-204B-12BA-BCAC-105DCF05A399}" = CCC Help English
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EA36F8FF-81C8-2832-F023-3CEB2283E3EB}" = CCC Help Thai
"{EADFF891-1161-6EC4-6F0A-7FF1E30F4C57}" = CCC Help Chinese Standard
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2E05527-16B4-5855-E3FD-D27A7EE477B4}" = Catalyst Control Center Localization All
"{F8A3C1B6-D2E0-4CE1-80A2-555D6F71C639}" = Microsoft Search Enhancement Pack
"{FB8E2BF3-74B7-75D5-941D-FBF10395D002}" = Skins
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Free Window Registry Repair" = Free Window Registry Repair
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{744F6CCF-9F56-40A0-A33D-2A45D53B6046}" = Hoyle Card Games 2004
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MSC" = McAfee SecurityCenter
"pywin32-py2.6" = Python 2.6 pywin32-212
"SpywareBlaster_is1" = SpywareBlaster 4.2
"WildTangent hp Master Uninstall" = HP Games

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2504864241-4246784017-3457649832-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/1/2009 1:28:41 AM | Computer Name = Ganton-PC | Source = EventSystem | ID = 4621
Description =

Error - 11/1/2009 10:14:13 AM | Computer Name = Ganton-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/2/2009 2:33:24 AM | Computer Name = Ganton-PC | Source = EventSystem | ID = 4621
Description =

Error - 11/2/2009 10:28:25 AM | Computer Name = Ganton-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/3/2009 2:32:37 AM | Computer Name = Ganton-PC | Source = EventSystem | ID = 4621
Description =

Error - 11/3/2009 10:29:40 AM | Computer Name = Ganton-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/3/2009 4:55:52 PM | Computer Name = Ganton-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/4/2009 2:12:41 AM | Computer Name = Ganton-PC | Source = EventSystem | ID = 4621
Description =

Error - 11/4/2009 10:27:49 AM | Computer Name = Ganton-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/4/2009 5:45:54 PM | Computer Name = Ganton-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 11/7/2009 11:20:50 AM | Computer Name = Ganton-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 11/7/2009 11:20:51 AM | Computer Name = Ganton-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 11/7/2009 11:20:57 AM | Computer Name = Ganton-PC | Source = HTTP | ID = 15016
Description =

Error - 11/7/2009 11:22:39 AM | Computer Name = Ganton-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 11/7/2009 11:22:39 AM | Computer Name = Ganton-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11/7/2009 6:11:04 PM | Computer Name = Ganton-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 11/7/2009 6:11:04 PM | Computer Name = Ganton-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 11/7/2009 6:11:10 PM | Computer Name = Ganton-PC | Source = HTTP | ID = 15016
Description =

Error - 11/7/2009 6:12:53 PM | Computer Name = Ganton-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 11/7/2009 6:12:53 PM | Computer Name = Ganton-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

#6 Ganton


Posted 10 November 2009 - 12:04 AM

I thought I'd posted the Extra Txt log too, but I don't see it now. If it's not here, let me know and I'll run and post the whole log file again...Ganton

#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:03:43 AM

Posted 10 November 2009 - 06:09 AM

Hi,

As far as I can see, this log is clean (and the extra.txt is present).
Are you having any particular symptoms that would help show in which direction to look?

Please run a scan with Malwarebytes next:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

I changed my nick from _temp_ to myrti tonight, I hope this won't cause too much confusion.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#8 Ganton


Posted 10 November 2009 - 03:25 PM

Hi again. You can close out my topic now. I am satisfied that my PC is not infected. I have MBAM and SuperAntiSpyware Prof. version and both come up clean. I also have ESET Online scanner and it comes up clean. The only reason I pursued this topic as long as I did was because one of the just noted programs came up with Win32Kryptik.SH trojan and deleted it and Garmanma on this site said it could be very hard to eradicate and offered me various steps to take with me ending up here. I'm okay with it now, and thanks very much for your help and patience.

#9 myrti


Posted 10 November 2009 - 03:47 PM

Hi,

You could have mentioned that you had received help here at the forums before. Could you satisfy my curiosity and tell me where Eset found that infection? In which file? The infection you have is a very stubborn rootkit. Due to the fact that Vista 64-bit requires signed drivers, it should not be able to infect your PC. But there is always a first and it may be quite difficult to confirm or refute the infection.
If you consider your PC clean, I'll be happy to close the topic for you. Please reply once more to let me know your decision.

Please also update your Java to prevent future infections:
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 17.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

regards myrti

Edited by myrti, 10 November 2009 - 03:48 PM.


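The check made by eye in the reply above (the posted log lists Java 6 Update 16, while the reply names JRE 6 Update 17 as the version to install), written out as an added example that is not part of the original thread. The function names are hypothetical, the sample lines are constructed in the layout of the posted OTL log, and the (6, 17) baseline is only the version named in this 2009 post.

```python
import re

# Constructed sample in the layout of the OTL "Extras" log posted in this thread.
# The HKEY_LOCAL_MACHINE header, the Update 17 entry, the placeholder GUID/SID and
# the last line are constructed for contrast; they are not from the user's log.
SAMPLE = """\
========== HKEY_LOCAL_MACHINE Uninstall List ==========

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java\u2122 6 Update 16
"{00000000-0000-0000-0000-000000000000}" = Java(TM) 6 Update 17
"{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\\S-1-5-21-0-0-0-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error - 11/7/2009 11:20:57 AM | Computer Name = EXAMPLE-PC | Source = HTTP | ID = 15016
"Java 6 Update 1" = quoted text outside an Uninstall List section is ignored
"""

SECTION_RE = re.compile(r'^=+\s*(.+?)\s*=+$')
ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<name>.*)$')
# Matches display names such as "Java(TM) 6 Update 16"; the update part is optional.
JAVA_RE = re.compile(
    r'\bJava(?:\(TM\)|\u2122)?\s+(?P<major>\d+)(?:\s+Update\s+(?P<update>\d+))?',
    re.IGNORECASE,
)


def parse_uninstall_entries(text):
    """Return (section, registry_key, display_name) for each entry that sits
    under a '========== ... Uninstall List ==========' header."""
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            title = header.group(1)
            # Only uninstall sections are inventory; other sections reset the state.
            section = title if title.endswith("Uninstall List") else None
            continue
        if section is None:
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            entries.append((section, entry.group("key"), entry.group("name").strip()))
    return entries


def java_version(display_name):
    """Return (major, update) for a Java display name, or None if it is not Java."""
    m = JAVA_RE.search(display_name)
    if not m:
        return None
    return (int(m.group("major")), int(m.group("update") or 0))


def outdated_java(text, baseline=(6, 17)):
    """List installed Java entries older than the baseline.
    The default baseline is the version named in the thread, not a current one."""
    findings = []
    for section, key, name in parse_uninstall_entries(text):
        version = java_version(name)
        if version is not None and version < baseline:
            findings.append({"section": section, "key": key,
                             "name": name, "version": version})
    return findings


if __name__ == "__main__":
    for finding in outdated_java(SAMPLE):
        print("outdated:", finding["name"], finding["key"])
```
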

#10 Ganton


Posted 10 November 2009 - 11:18 PM

I'm very sorry, but I just don't remember where (in which file) the infection was found. I really don't. I'm just a user trying to get by in the high tech computer world and I guess I don't know enough to note such things and write them down. My computer shows no symptoms of any infection(s) now, so you can go ahead and close the topic. Oh, and thanx for the info. on the needed Java update. I did download it and it is now installed. Thanks again. :(

#11 myrti


Posted 11 November 2009 - 06:37 AM

Hi,

As I said, it would have been purely for my curiosity. No harm done if you don't have the name.

Read those last few lines, in order to keep your pc safe and clean:
Please do the following to clean up your PC:
  • Delete the tools used during the disinfection:
    • Download OTC from the following mirrors and save it to your desktop:
    • Double click on Posted Image
    • Push the large "Cleanup" button.
    • Allow your system to reboot.
  • If OTC failed to remove all programs from your Desktop, please delete the rest manually.
  • Disable and Enable System Restore.
    You can find instructions on how to disable and reenable system restore here:
    Windows ME System Restore Guide
    Windows XP System Restore Guide
    Windows Vista System Restore Guide

    Note: You should only do this once, not on a regular basis!
    You will not be able to restore computer to any earlier than today!
Please read this advice, in order to prevent reinfecting your PC:
  • Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.
Some more links you might find of interest:
Have a nice day
myrti



#12 myrti


Posted 16 November 2009 - 09:35 AM

Since the issue seems to be resolved, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti
