
Programs not responding..


  • This topic is locked
60 replies to this topic

#1 EGreen6001

EGreen6001

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Local time:12:14 AM

Posted 04 September 2011 - 02:10 AM

Referred from here: http://www.bleepingcomputer.com/forums/topic414319.html ~ OB

Hi guys, I recently had problems with my computer. I thought they were fixed, but the same problems keep occurring. When I boot up, various programs stop working, and a pop-up will say something along the lines of "Google has stopped working" "A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.". Well, luckily I don't age quickly, because no solution has been found. They say it's malware. IDK. I have the DDS and Ark logs, so that step is done. Thanks, hope to hear from someone soon.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27
Run by Administrator at 2:54:03 on 2011-09-01
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1682 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ooVoo\ooVoo.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PdaNet for Android\PdaNetPC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com/?l=dis&o=2159&gct=hp
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn3\YTNavAssist.dll
mURLSearchHooks: H - No File
mURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn3\YTNavAssist.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: ALOT Toolbar Helper: {14ceeaff-96dd-4101-ae37-d5ecdc23c3f6} - c:\program files\alot\bin\bho\alotBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - No File
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn3\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [ooVoo] C\ooVoo.exe /minimized
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Google Update] "c:\users\administrator\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ooVoo.exe] c:\program files\oovoo\oovoo.exe /minimized
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl.exe] "c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe" /Start
mRun: [hpWirelessAssistant] "c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [hpqSRMon]
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [msps] c:\program files\msps\msps.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
dRun: [ooVoo.exe] c:\program files\oovoo\oovoo.exe /minimized
StartupFolder: c:\users\admini~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\pdanet~1.lnk - c:\program files\pdanet for android\PdaNetPC.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{31CCE1D4-D501-46F6-BB8E-E9DDD3E3741A} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{AF0F8207-D164-4C1E-B223-181A3EBD0EA7} : DhcpNameServer = 172.16.2.5 172.18.82.11 4.2.2.1
TCP: Interfaces\{B8FE47D0-899D-4647-AED1-4D2E4C4B549C} : DhcpNameServer = 8.8.8.8
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~3\googledesktopnetwork3.dll c:\progra~1\google\google~3\GOEC62~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\rr6dqej8.default\
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\administrator\appdata\local\google\update\1.3.21.65\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-3-3 28552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-4-22 546258]
R2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\wcmvcam.sys [2011-6-23 1068216]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-4-22 374240]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
R3 OA004Ufd;Creative Camera OA004 Upper Filter Driver;c:\windows\system32\drivers\OA004Ufd.sys [2008-6-3 144672]
R3 OA004Vid;Creative Camera OA004 Function Driver;c:\windows\system32\drivers\OA004Vid.sys [2008-7-17 269760]
R3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2011-8-7 13312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 308190]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-18 313302]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2001-3-19 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1670618]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-7-7 207834]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-18 313302]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-6-6 41272]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-8-21 27192]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-8-7 96416]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2011-8-5 446424]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 931288]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 228826]
.
=============== Created Last 30 ================
.
2011-09-01 06:57:42 -------- d-----w- c:\users\administrator\appdata\local\PackageAware
2011-08-28 16:01:58 -------- d-----w- c:\windows\system32\drivers\umdf\pt-PT
2011-08-28 16:01:54 -------- d-----w- c:\windows\system32\drivers\umdf\nl-NL
2011-08-28 16:01:50 -------- d-----w- c:\windows\system32\drivers\umdf\it-IT
2011-08-28 16:01:44 -------- d-----w- c:\windows\system32\drivers\umdf\de-DE
2011-08-28 16:01:39 -------- d-----w- c:\windows\system32\drivers\umdf\fr-FR
2011-08-28 16:01:35 -------- d-----w- c:\windows\system32\drivers\umdf\es-ES
2011-08-24 04:11:25 -------- d-----w- c:\users\administrator\appdata\roaming\f-secure
2011-08-24 04:11:10 -------- d-----w- c:\programdata\F-Secure
2011-08-24 04:01:45 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-08-24 04:01:44 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-08-24 04:01:44 785368 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-08-24 04:01:44 478168 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-08-24 04:01:44 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-08-24 04:01:44 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-08-24 04:01:44 1846232 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-08-24 04:01:44 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-08-24 00:51:00 -------- d-----w- c:\program files\iPod
2011-08-24 00:50:57 -------- d-----w- c:\program files\iTunes
2011-08-23 22:35:55 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-23 06:50:32 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b89ffea8-1054-4bfd-b5f8-2435e72fb76a}\mpengine.dll
2011-08-23 01:56:12 -------- d-----w- c:\program files\ESET
2011-08-22 06:08:48 -------- d-----w- c:\users\administrator\appdata\local\Adobe
2011-08-22 03:27:43 -------- d-----w- c:\users\administrator\appdata\roaming\SUPERAntiSpyware.com
2011-08-22 03:27:16 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-08-22 03:27:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-22 01:34:51 -------- d-----w- c:\windows\system32\syncdb
2011-08-22 01:21:25 -------- d-----w- c:\users\administrator\appdata\local\VS Revo Group
2011-08-22 01:21:22 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-08-22 01:21:20 -------- d-----w- c:\program files\VS Revo Group
2011-08-21 18:35:09 0 ---ha-w- c:\users\administrator\appdata\local\BIT6ED8.tmp
2011-08-21 18:20:04 -------- d-----w- c:\users\administrator\appdata\local\Seven Zip
2011-08-18 14:56:11 -------- d-----w- c:\users\administrator\appdata\roaming\Malwarebytes
2011-08-17 07:20:04 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-08-15 11:54:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-13 04:42:34 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-13 04:42:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-08-13 04:42:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-13 04:42:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-08-13 04:36:13 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-08-11 08:12:37 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-11 08:12:37 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-11 08:09:33 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-07 18:20:21 1547776 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-08-07 18:03:23 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2011-08-07 18:03:23 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2011-08-07 17:26:04 -------- d-----w- C:\126e0e9afe532c456f20e8
2011-08-07 17:25:27 -------- d-----w- C:\2942db98199ec0b6f174
2011-08-07 17:24:07 132224 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2011-08-07 17:24:06 92672 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2011-08-07 17:24:06 64512 ----a-w- c:\windows\system32\WUDFSvc.dll
2011-08-07 17:24:06 39936 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2011-08-07 17:24:06 162304 ----a-w- c:\windows\system32\WUDFPlatform.dll
2011-08-07 17:24:05 567808 ----a-w- c:\windows\system32\WUDFx.dll
2011-08-07 17:24:05 195584 ----a-w- c:\windows\system32\WUDFHost.exe
2011-08-07 07:16:36 66048 ----a-w- c:\program files\windows mail\wabmig.exe
2011-08-07 07:16:36 515584 ----a-w- c:\program files\windows mail\wab.exe
2011-08-07 07:16:28 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-08-07 07:16:18 25088 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-08-07 07:16:16 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-08-07 07:16:06 171520 ----a-w- c:\windows\system32\taskeng.exe
2011-08-07 07:16:03 81920 ----a-w- c:\windows\system32\consent.exe
2011-08-07 07:08:24 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-08-07 05:37:03 581192 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2011-08-07 05:37:02 96416 ----a-w- c:\windows\system32\drivers\ssadbus.sys
2011-08-07 05:37:02 13312 ----a-w- c:\windows\system32\drivers\pneteth.sys
2011-08-07 05:37:02 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2011-08-07 05:37:02 10144 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
2011-08-07 05:37:02 10144 ----a-w- c:\windows\system32\drivers\ssadwh.sys
2011-08-07 05:37:02 -------- d-----w- c:\program files\PdaNet for Android
2011-08-05 16:28:23 33280 ----a-w- c:\program files\windows mail\wabfind.dll
2011-08-05 16:25:46 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-08-05 16:25:46 322560 ----a-w- c:\windows\system32\sbe.dll
2011-08-05 16:25:46 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-08-05 16:25:46 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-08-05 16:25:13 601600 ----a-w- c:\windows\system32\schedsvc.dll
2011-08-05 16:25:12 352768 ----a-w- c:\windows\system32\taskschd.dll
2011-08-05 16:25:12 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-08-05 16:25:12 270336 ----a-w- c:\windows\system32\taskcomp.dll
2011-08-05 16:25:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-08-05 16:24:04 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-08-05 16:23:59 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-08-05 14:07:46 276992 ----a-w- c:\windows\system32\schannel.dll
.
==================== Find3M ====================
.
2011-08-26 05:10:31 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-05 17:40:58 3584 ----a-w- c:\windows\system32\drivers\umdf\zh-tw\ZuneDriver.dll.mui
2011-08-05 17:40:54 3584 ----a-w- c:\windows\system32\drivers\umdf\zh-cn\ZuneDriver.dll.mui
2011-08-05 17:40:48 6144 ----a-w- c:\windows\system32\drivers\umdf\sv-se\ZuneDriver.dll.mui
2011-08-05 17:40:42 6144 ----a-w- c:\windows\system32\drivers\umdf\ru-ru\ZuneDriver.dll.mui
2011-08-05 17:40:36 6144 ----a-w- c:\windows\system32\drivers\umdf\pt-pt\ZuneDriver.dll.mui
2011-08-05 17:40:30 6144 ----a-w- c:\windows\system32\drivers\umdf\pt-br\ZuneDriver.dll.mui
2011-08-05 17:40:26 6144 ----a-w- c:\windows\system32\drivers\umdf\pl-pl\ZuneDriver.dll.mui
2011-08-05 17:40:18 6656 ----a-w- c:\windows\system32\drivers\umdf\nl-nl\ZuneDriver.dll.mui
2011-08-05 17:40:12 5632 ----a-w- c:\windows\system32\drivers\umdf\nb-no\ZuneDriver.dll.mui
2011-08-05 17:40:08 6144 ----a-w- c:\windows\system32\drivers\umdf\ms-my\ZuneDriver.dll.mui
2011-08-05 17:40:02 4096 ----a-w- c:\windows\system32\drivers\umdf\ko-kr\ZuneDriver.dll.mui
2011-08-05 17:39:56 4608 ----a-w- c:\windows\system32\drivers\umdf\ja-jp\ZuneDriver.dll.mui
2011-08-05 17:39:52 6656 ----a-w- c:\windows\system32\drivers\umdf\it-it\ZuneDriver.dll.mui
2011-08-05 17:39:46 6144 ----a-w- c:\windows\system32\drivers\umdf\id-id\ZuneDriver.dll.mui
2011-08-05 17:39:40 6656 ----a-w- c:\windows\system32\drivers\umdf\hu-hu\ZuneDriver.dll.mui
2011-08-05 17:39:36 6144 ----a-w- c:\windows\system32\drivers\umdf\fr-fr\ZuneDriver.dll.mui
2011-08-05 17:39:30 6144 ----a-w- c:\windows\system32\drivers\umdf\fi-fi\ZuneDriver.dll.mui
2011-08-05 17:39:24 6656 ----a-w- c:\windows\system32\drivers\umdf\es-es\ZuneDriver.dll.mui
2011-08-05 17:39:18 6656 ----a-w- c:\windows\system32\drivers\umdf\el-gr\ZuneDriver.dll.mui
2011-08-05 17:39:12 6144 ----a-w- c:\windows\system32\drivers\umdf\de-de\ZuneDriver.dll.mui
2011-08-05 17:39:06 6144 ----a-w- c:\windows\system32\drivers\umdf\da-dk\ZuneDriver.dll.mui
2011-08-05 17:39:00 5632 ----a-w- c:\windows\system32\drivers\umdf\cs-cz\ZuneDriver.dll.mui
2011-08-05 17:26:34 6144 ----a-w- c:\windows\system32\drivers\umdf\en-us\ZuneDriver.dll.mui
2011-07-12 17:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 17:20:54 261598 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-07 00:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 00:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-06 00:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-06 00:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-23 06:43:04 1068216 ----a-w- c:\windows\system32\drivers\wcmvcam.sys
.
============= FINISH: 2:55:34.65 ===============

Attached File  Attach.txt   15.93KB   3 downloads
Attached File  ark.txt   11.43KB   2 downloads

Edited by Orange Blossom, 06 September 2011 - 12:25 AM.




#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:14 AM

Posted 08 September 2011 - 05:36 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 EGreen6001

EGreen6001
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Local time:12:14 AM

Posted 09 September 2011 - 10:13 AM

Yes I'm here..

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:14 AM

Posted 09 September 2011 - 07:01 PM

Can you run OTL for me? It's a scanner like DDS but with a bit extra.

  • Download OTL to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

m0le is a proud member of UNITE

#5 EGreen6001

EGreen6001
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Local time:12:14 AM

Posted 10 September 2011 - 03:15 PM

OTL.txt


OTL logfile created on: 9/10/2011 3:04:20 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Administrator\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 42.96% Memory free
6.06 Gb Paging File | 4.40 Gb Available in Paging File | 72.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.17 Gb Total Space | 168.35 Gb Free Space | 58.62% Space Free | Partition Type: NTFS
Drive D: | 10.92 Gb Total Space | 1.52 Gb Free Space | 13.89% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\ooVoo\ooVoo.exe (ooVoo LLC)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
PRC - C:\Program Files\PdaNet for Android\PdaNetPC.exe ()
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\SMINST\BLService.exe ()
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)


========== Modules (No Company Name) ==========

MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\Users\Administrator\AppData\Local\temp\hjd624B.tmp ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\PdaNet for Android\PdaNetPC.exe ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()


========== Win32 Services (SafeList) ==========

SRV - (Norton Internet Security) -- File not found
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (ZuneWlanCfgSvc) -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV - (WMZuneComm) -- C:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (Recovery Service for Windows) -- C:\Program Files\SMINST\BLService.exe ()
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (WCMVCAM) -- C:\Windows\System32\drivers\wcmvcam.sys (Windows ® Win 7 DDK provider)
DRV - (pneteth) -- C:\Windows\System32\drivers\pneteth.sys (June Fabrics Technology Inc.)
DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (Revoflt) -- C:\Windows\System32\drivers\revoflt.sys (VS Revo Group)
DRV - (pavboot) -- C:\Windows\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (OA004Vid) -- C:\Windows\System32\drivers\OA004Vid.sys (Creative Technology Ltd.)
DRV - (IntcHdmiAddService) Intel® -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (OA004Ufd) -- C:\Windows\System32\drivers\OA004Ufd.sys (Creative Technology Ltd.)
DRV - (NETw3v32) Intel® -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=2159&gct=hp
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.12

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/25 14:19:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/14 13:56:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/07/15 11:57:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/23 23:01:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/23 23:01:43 | 000,000,000 | ---D | M]

[2001/03/15 02:29:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2001/03/15 02:29:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/08/21 20:47:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\rr6dqej8.default\extensions
[2001/03/15 04:20:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\rr6dqej8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/17 13:12:44 | 000,002,333 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\rr6dqej8.default\searchplugins\askcom.xml
[2011/08/26 00:10:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/23 23:01:45 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/08/26 00:10:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/08/12 00:57:31 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/06/21 11:13:59 | 000,119,808 | ---- | M] (Google) -- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
[2010/08/24 14:57:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2011/08/26 00:10:31 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/02/27 12:13:42 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2010/07/15 11:57:36 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2001/03/20 16:58:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2001/03/20 16:58:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2001/03/20 16:58:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2001/03/20 16:58:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2001/03/20 16:58:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2001/03/20 16:58:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2001/03/20 16:58:14 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2010/07/15 11:58:00 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2010/07/15 11:57:20 | 000,098,304 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2010/07/12 11:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/08/11 22:16:35 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2011/08/11 22:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/08/11 22:16:35 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2011/08/11 22:16:35 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2010/06/21 11:14:08 | 000,002,020 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml
[2011/08/11 22:16:35 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2011/08/11 22:16:35 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/03/03 02:59:28 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (ALOT Toolbar Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - File not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (no name) - {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - No CLSID value found.
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [msps] C:\Program Files\msps\msps.exe (MySpace Password Spy)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [ooVoo] File not found
O4 - HKCU..\Run: [ooVoo.exe] C:\program files\oovoo\oovoo.exe (ooVoo LLC)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} http://www.convergysworkathome.com/AppHardT.CAB (WNICheck2 Class)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31CCE1D4-D501-46F6-BB8E-E9DDD3E3741A}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF0F8207-D164-4C1E-B223-181A3EBD0EA7}: DhcpNameServer = 172.16.2.5 172.18.82.11 4.2.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8FE47D0-899D-4647-AED1-4D2E4C4B549C}: DhcpNameServer = 8.8.8.8
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Silhouette.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Silhouette.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2d72d0df-bf9e-11e0-b8d3-b6a67568a091}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\FiegiOK.exE
O33 - MountPoints2\{2d72d0e4-bf9e-11e0-b8d3-b6a67568a091}\Shell - "" = AutoRun
O33 - MountPoints2\{2d72d0e4-bf9e-11e0-b8d3-b6a67568a091}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/10 14:57:19 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011/09/04 12:30:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\OpenOffice.org
[2011/09/01 01:57:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\PackageAware
[2011/08/30 01:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ooVoo
[2011/08/30 01:05:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\HPAppData
[2011/08/26 00:11:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/08/26 00:10:43 | 000,337,370 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/08/26 00:10:43 | 000,325,088 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/08/26 00:10:43 | 000,325,078 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/08/23 23:11:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\f-secure
[2011/08/23 23:11:10 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2011/08/23 19:59:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Music
[2011/08/23 19:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/08/23 19:51:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/08/23 19:50:57 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/08/23 17:35:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/08/23 03:05:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/08/22 20:56:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/08/22 19:42:04 | 000,624,086 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\TFC.exe
[2011/08/22 01:08:48 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Adobe
[2011/08/21 22:27:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
[2011/08/21 22:27:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/08/21 22:27:16 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/08/21 22:27:16 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/08/21 20:34:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\syncdb
[2011/08/21 20:21:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\VS Revo Group
[2011/08/21 20:21:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2011/08/21 20:21:22 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2011/08/21 20:21:20 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/08/21 13:20:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Seven Zip
[2011/08/18 09:56:11 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2011/08/18 09:54:56 | 009,643,994 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Administrator\Desktop\mbam-setup-1.51.1.1800.exe
[2011/08/17 02:20:04 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/08/17 01:46:53 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/08/17 01:46:52 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/08/17 01:46:52 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/08/17 01:46:52 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/08/17 01:46:52 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/08/17 01:46:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/08/17 01:46:51 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/08/17 01:46:51 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/08/17 01:46:50 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/08/17 01:46:50 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/08/17 01:46:49 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/08/17 01:46:48 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/08/17 01:46:48 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/08/17 01:46:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/17 01:46:48 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/08/17 01:46:48 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/08/17 01:46:48 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/08/17 01:46:47 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/08/17 01:46:47 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/08/17 01:46:47 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/08/17 01:46:47 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/08/17 01:46:47 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/08/17 01:46:47 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/08/17 01:46:47 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/08/17 01:46:46 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/17 01:46:46 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/08/17 01:46:46 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/08/17 01:46:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/08/17 01:46:46 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/08/17 01:46:46 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/08/17 01:46:45 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/08/17 01:46:45 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/08/17 01:46:45 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/08/17 01:46:45 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/08/17 01:46:45 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/08/17 01:46:45 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/08/17 01:46:45 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/08/15 06:54:46 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/08/12 23:42:34 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[1 C:\Users\Administrator\AppData\Local\*.tmp files -> C:\Users\Administrator\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/10 15:00:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1536971991-3487919783-3915485165-500UA.job
[2011/09/10 14:57:19 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011/09/10 14:57:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/10 14:30:22 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/10 14:22:59 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1536971991-3487919783-3915485165-1000UA.job
[2011/09/10 14:19:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/10 02:58:07 | 000,000,284 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2011/09/10 02:57:37 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1536971991-3487919783-3915485165-500Core.job
[2011/09/10 02:57:37 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1536971991-3487919783-3915485165-1000Core.job
[2011/09/09 16:00:22 | 000,004,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/09 16:00:22 | 000,004,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/09 02:57:10 | 000,023,021 | ---- | M] () -- C:\Users\Administrator\Desktop\Work.odt
[2011/09/08 09:46:27 | 000,018,008 | ---- | M] () -- C:\Users\Administrator\Desktop\HW1.odt
[2011/09/08 09:46:15 | 000,018,008 | ---- | M] () -- C:\Users\Administrator\Documents\HW1.odt
[2011/09/05 17:10:02 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/05 17:10:02 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/05 04:03:18 | 000,015,778 | ---- | M] () -- C:\Users\Administrator\Desktop\Bonus.odt
[2011/09/04 14:49:40 | 000,012,581 | ---- | M] () -- C:\Users\Administrator\Desktop\EGB.odt
[2011/09/04 14:49:01 | 000,012,581 | ---- | M] () -- C:\Users\Administrator\Documents\EGB.odt
[2011/09/04 12:31:16 | 000,000,988 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
[2011/09/03 18:01:38 | 000,002,082 | ---- | M] () -- C:\Users\Administrator\Desktop\Google Chrome.lnk
[2011/09/03 18:01:38 | 000,002,044 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/01 11:11:49 | 000,294,216 | ---- | M] () -- C:\Users\Administrator\Desktop\gmer.zip
[2011/08/30 01:08:54 | 000,001,686 | ---- | M] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2011/08/26 00:10:31 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/08/26 00:10:31 | 000,337,370 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/08/26 00:10:31 | 000,325,088 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/08/26 00:10:31 | 000,325,078 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/08/23 23:01:45 | 000,000,830 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/23 23:01:45 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/23 19:51:54 | 000,001,624 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/23 03:31:30 | 000,470,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/08/22 19:42:08 | 000,624,086 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\TFC.exe
[2011/08/21 22:27:19 | 000,001,760 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/08/21 20:21:23 | 000,001,049 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2011/08/18 09:55:54 | 000,000,890 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/08/18 09:54:57 | 009,643,994 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Administrator\Desktop\mbam-setup-1.51.1.1800.exe
[2011/08/18 09:49:36 | 001,056,724 | ---- | M] () -- C:\Users\Administrator\Desktop\SecurityCheck.exe
[2011/08/17 02:34:47 | 000,000,478 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Welcome to BRCC.website
[2011/08/17 01:52:16 | 000,000,903 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/17 01:47:08 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/08/17 01:47:08 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/08/17 01:46:53 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/08/17 01:46:52 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/08/17 01:46:52 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/08/17 01:46:52 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/08/17 01:46:52 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/08/17 01:46:51 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/08/17 01:46:51 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/08/17 01:46:51 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/08/17 01:46:50 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/08/17 01:46:50 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/08/17 01:46:49 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/08/17 01:46:48 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/08/17 01:46:48 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/08/17 01:46:48 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/17 01:46:48 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/08/17 01:46:48 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/08/17 01:46:48 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/08/17 01:46:48 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/08/17 01:46:47 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/08/17 01:46:47 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/08/17 01:46:47 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/08/17 01:46:47 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/08/17 01:46:47 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/08/17 01:46:47 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/08/17 01:46:47 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/08/17 01:46:46 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/17 01:46:46 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/08/17 01:46:46 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/08/17 01:46:46 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/08/17 01:46:46 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/08/17 01:46:46 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/08/17 01:46:45 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/08/17 01:46:45 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/08/17 01:46:45 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/08/17 01:46:45 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/08/17 01:46:45 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/08/17 01:46:45 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/08/17 01:46:45 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/08/16 15:44:48 | 000,002,241 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/08/15 06:54:46 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/08/13 03:18:34 | 000,083,222 | ---- | M] () -- C:\Windows\System32\MRT.INI
[1 C:\Users\Administrator\AppData\Local\*.tmp files -> C:\Users\Administrator\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/09 02:57:09 | 000,023,021 | ---- | C] () -- C:\Users\Administrator\Desktop\Work.odt
[2011/09/08 09:46:27 | 000,018,008 | ---- | C] () -- C:\Users\Administrator\Desktop\HW1.odt
[2011/09/08 09:46:14 | 000,018,008 | ---- | C] () -- C:\Users\Administrator\Documents\HW1.odt
[2011/09/05 04:03:18 | 000,015,778 | ---- | C] () -- C:\Users\Administrator\Desktop\Bonus.odt
[2011/09/04 14:49:39 | 000,012,581 | ---- | C] () -- C:\Users\Administrator\Desktop\EGB.odt
[2011/09/04 14:49:00 | 000,012,581 | ---- | C] () -- C:\Users\Administrator\Documents\EGB.odt
[2011/09/04 12:31:16 | 000,000,988 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
[2011/09/01 11:11:17 | 000,294,216 | ---- | C] () -- C:\Users\Administrator\Desktop\gmer.zip
[2011/08/30 01:08:54 | 000,001,686 | ---- | C] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2011/08/23 23:01:45 | 000,000,830 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/23 23:01:45 | 000,000,818 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/08/23 19:51:54 | 000,001,624 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/21 22:27:19 | 000,001,760 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/08/21 20:21:23 | 000,001,049 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2011/08/18 09:55:54 | 000,000,890 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/08/18 09:42:34 | 001,056,724 | ---- | C] () -- C:\Users\Administrator\Desktop\SecurityCheck.exe
[2011/08/17 02:07:43 | 000,000,478 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Welcome to BRCC.website
[2011/08/17 01:46:48 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/08/09 00:31:30 | 000,000,680 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2011/08/07 13:37:19 | 000,035,328 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/10 03:10:49 | 000,083,222 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/04/23 00:54:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/03/03 02:36:46 | 000,439,262 | ---- | C] () -- C:\Windows\PEV.exe
[2010/03/03 02:36:46 | 000,276,444 | ---- | C] () -- C:\Windows\sed.exe
[2010/03/03 02:36:46 | 000,258,528 | ---- | C] () -- C:\Windows\grep.exe
[2010/03/03 02:36:46 | 000,254,938 | ---- | C] () -- C:\Windows\MBR.exe
[2010/03/03 02:36:46 | 000,245,722 | ---- | C] () -- C:\Windows\zip.exe
[2010/02/22 15:29:15 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2010/01/14 13:55:13 | 000,023,112 | ---- | C] () -- C:\Windows\hpqins15.dat
[2009/12/09 14:50:19 | 000,077,351 | ---- | C] () -- C:\Windows\hpqins05.dat
[2009/11/11 16:47:05 | 223,442,669 | ---- | C] () -- C:\Windows\System32\C_Icache.DLL
[2009/11/11 16:42:54 | 000,501,760 | ---- | C] () -- C:\Windows\System32\drivers\mou2k.sys
[2009/11/11 16:42:54 | 000,020,480 | ---- | C] () -- C:\Windows\System32\drivers\lsi_sex.sys
[2009/11/11 16:42:54 | 000,010,752 | ---- | C] () -- C:\Windows\System32\drivers\atapnt.sys
[2009/10/16 04:01:26 | 000,938,496 | ---- | C] () -- C:\Windows\System32\usbx86.dll
[2009/10/16 04:00:54 | 000,135,168 | ---- | C] () -- C:\Windows\System32\chsbrk32.dll
[2009/08/03 15:07:42 | 000,408,542 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/26 10:47:35 | 000,116,839 | ---- | C] () -- C:\Windows\hpqins00.dat
[2009/07/25 19:33:56 | 000,157,460 | ---- | C] () -- C:\Windows\hpoins29.dat
[2009/07/25 19:33:56 | 000,000,986 | ---- | C] () -- C:\Windows\hpomdl29.dat
[2009/07/07 01:21:10 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2009/06/15 21:57:22 | 000,004,938 | ---- | C] () -- C:\ProgramData\ypkpiykb.yyr
[2009/06/15 21:21:45 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vzcontextmenu.dll
[2009/06/05 04:40:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/05 04:40:11 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/05/18 08:15:02 | 000,000,284 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/04/22 09:10:21 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/01 15:28:36 | 000,009,845 | ---- | C] () -- C:\Windows\System32\mswen-oce.dll
[2008/07/06 15:29:46 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1518.dll
[2008/07/06 15:14:06 | 000,495,376 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008/07/06 15:14:06 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/07/06 15:14:04 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008/06/29 09:52:14 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/03/29 16:24:23 | 000,151,552 | ---- | C] () -- C:\Windows\System32\msnec-ocd.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,470,088 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2001/03/17 01:45:20 | 000,215,628 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2001/03/16 22:35:17 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\wklnhst.dat
[2001/03/15 02:28:56 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

========== LOP Check ==========

[2011/08/23 23:11:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\f-secure
[2011/08/15 20:09:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ooVoo Details
[2011/09/04 12:30:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OpenOffice.org
[2001/03/16 22:35:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Template
[2001/03/21 01:31:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WebcamMax
[2011/09/09 02:58:08 | 000,032,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 217 bytes -> C:\ProgramData\Temp:8927A071
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:8303F807

< End of report >

Extras.txt

OTL Extras logfile created on: 9/10/2011 3:04:20 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Administrator\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 42.96% Memory free
6.06 Gb Paging File | 4.40 Gb Available in Paging File | 72.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.17 Gb Total Space | 168.35 Gb Free Space | 58.62% Space Free | Partition Type: NTFS
Drive D: | 10.92 Gb Total Space | 1.52 Gb Free Space | 13.89% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A899516-106D-4C3A-85E0-4E1B0BC50AF9}" = lport=139 | protocol=6 | dir=in | app=system |
"{0EB21D1C-683B-4350-A9BE-F2D0DA98EDD4}" = lport=445 | protocol=6 | dir=in | app=system |
"{1F3A9C7B-1EA8-4D0C-B5A1-2FDEC72EF1BC}" = rport=445 | protocol=6 | dir=out | app=system |
"{2645FAC5-EA7A-4A1D-BF53-4432583E3972}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{322D5415-DD23-4CB0-AE65-AEE4FC788C23}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{58FECA0B-261D-44BD-A509-3EDC18D8470F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5FF66719-109C-4DC9-A91E-F3E9F1E9637F}" = lport=138 | protocol=17 | dir=in | app=system |
"{658B55A9-553B-4380-85BF-1ECB2B419F17}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |
"{A2C661ED-DD41-4058-9469-5F4338A87926}" = rport=139 | protocol=6 | dir=out | app=system |
"{A456A31E-CEEB-4376-BB6E-A12B6DF3F79F}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 |
"{A90E67FD-C826-4808-9115-A8F01DE4A2A4}" = lport=137 | protocol=17 | dir=in | app=system |
"{AA58935F-329F-43E2-AA80-457532592D3B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{AD56F91F-F7DA-4BB7-BB71-E6816E4C32B5}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |
"{AEDE2A72-CD42-4FE6-8A46-AE9E72295148}" = rport=138 | protocol=17 | dir=out | app=system |
"{CFB61B4C-AEE9-4E24-B6DD-CA5BC2189AC2}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |
"{DA2D477B-98EA-48D6-8F65-C5AA69864F80}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |
"{DF813B67-075A-45DD-ABAC-156495A87FBE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{FCB1DD5A-EE96-4312-8282-D59F372F08B0}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05F7FA46-3738-4211-BC3B-E1947EBEED33}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{07432561-8621-48A2-83BA-F60F8F9DE7DA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{08E5DFD7-2EA4-4C13-BA70-74A27CBB7391}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1A78C3ED-4CEB-49EC-ADE3-1510064DB433}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{1F2FF73C-2DEE-432B-B0F4-A64325126944}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{242703EC-29CD-4FB7-ACA3-F92A4FEA2329}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{2E776B18-0853-4302-9215-C2883436BECA}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{37343904-D892-4175-A7A4-99F83E732CE1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{5094F081-80C4-4B52-85E7-7359F5478ECB}" = protocol=6 | dir=in | app=c:\windows\temp\~os265e.tmp\rlvknlg.exe |
"{52449426-E375-4D94-AFFF-34A7DCD8FDE3}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{55C76F93-0884-4A76-A437-2EA243820E98}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5FC6CD42-8379-490C-B749-DA1F26D9CF7E}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{6470FB4A-5782-44D3-B8B0-F572E636D271}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{6545696C-2512-4A65-AFAE-0676961D8F4B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{67004B62-3794-4AB7-919F-C6EB00B24213}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6CBCFEC4-5D55-46F4-9EBD-93AD71691EE8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{70B696CC-AD1B-4326-8391-787320F7DC51}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{808AC357-E504-44C3-AB8E-F6B9631485A8}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{82CD4B7D-1B81-48D5-92E0-E10D834CC209}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{83EDAA2F-AC78-4BDD-A3B3-D928E54F4D4E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{898BB00E-44D5-400F-8437-D3FC34E4FB59}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{8F1BED43-D954-4410-9DA5-85C741B18E48}" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{8FF29129-A750-4494-96DA-FE076C67E399}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{9B61C249-3523-4D94-AC70-DEF8210B2DA5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{A10C98F9-68CA-4879-9BA2-F92C5259D6B4}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{A409D7A1-B5AC-4B85-B2CF-A55E91E7AA9E}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{A87ED3AE-C59A-4AA0-843A-2FC697481F3C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{A9537CFF-BA4B-4CE2-BBDE-2FF48108AB1C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{B364A883-703C-443E-A4E6-FF68AD03A62E}" = protocol=6 | dir=in | app=c:\windows\temp\~osa04f.tmp\rlvknlg.exe |
"{B6F27323-DBAB-492B-AE60-33ABE2043180}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BD22E587-ED47-42F6-A5F4-CD4D86A48454}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{BED52095-4BD6-413C-B214-AFEEB40235A5}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{C0DC593B-B893-4225-A37B-F234536C2DB0}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{C66E09E7-F70E-47F2-AC47-D1097FFCD20E}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{CB791CB6-501C-41A6-80C2-0CF021A0290D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CBBD994C-6F2B-429F-8DAF-1AB7D51653EE}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{DFAD8A71-8D17-4ED5-B589-23E0A1325FE2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{E73DEF28-C5BC-4753-A091-BCEF464AB9E9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E811D924-A7B1-471C-9629-F2401C887249}" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{EF0599CF-CF08-4EF0-A599-F6C5A087EA0D}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{EFF1DF4B-5C13-4507-9704-45A78FA070C2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{0535839F-FC3A-40CC-B058-1987E54271A1}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{2A57BC7A-1262-49C0-8418-80ED8733EE82}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{98B3EE39-D9CC-42CE-8C9E-E1A8A451471A}C:\program files\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"TCP Query User{A9E29D68-0F20-4AE3-8D4C-B41E535527D9}C:\program files\hp games\polar pool\polarpool.exe" = protocol=6 | dir=in | app=c:\program files\hp games\polar pool\polarpool.exe |
"TCP Query User{DD206C3E-9240-4B7F-A83C-D4AF27894A4C}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"TCP Query User{F21BFE84-6511-45A4-A0D6-31805D414BC8}C:\program files\relevantknowledge\rlvknlg.exe" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"TCP Query User{FA6876AC-A1A5-4555-AF84-3D83BC26EAAE}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{73311F19-A45C-4E82-8C95-5045DA4757EA}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{9251D595-96BE-47E8-B505-96581AA10199}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{BA8401E4-01BF-44EA-A9FE-5F21A6DE6779}C:\program files\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"UDP Query User{C25EB063-FF19-48D4-90EF-3FD88B914214}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{C6F0DE2C-7C24-45D0-A13F-E9ECABB63518}C:\program files\hp games\polar pool\polarpool.exe" = protocol=17 | dir=in | app=c:\program files\hp games\polar pool\polarpool.exe |
"UDP Query User{E704B316-2BE5-47A6-A982-385849FB8848}C:\program files\relevantknowledge\rlvknlg.exe" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"UDP Query User{FBEF3FB1-14A9-4C68-BC48-C6AEF3A7FEA4}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX320_series" = Canon MX320 series MP Drivers
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B15D991-5619-4BC1-B71E-3DE793B792FC}" = ArcSoft MediaConverter 2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java™ 6 Update 27
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4F923F90-46D1-4492-9CC6-13FBBA00E7EC}" = C4400
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{665CBCA4-5AB0-414B-A288-3F8F99FEFC45}" = HP User Guides 0118
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.3
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6B407945-AE16-4A2A-BAAF-497FE62EDED3}" = PS_AIO_03_C4400_Software_Min
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
"{759142E8-25B0-42AE-B408-4215065D3F4B}" = Windows Live Family Safety
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92317FD2-8A6B-4CEE-B03D-18CA3244E157}" = Windows Phone Intro Video (ENU)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{954B7F64-D1D4-476F-8919-99585D0A6ABF}" = PS_AIO_03_C4400_Software
"{96384578-C6A2-4EC6-92CD-B62A60713040}" = Microsoft Live Search Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A2F0810-3619-4E86-9072-973FBE1679C5}" = QuickBooks Simple Start 2009
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C9CE9393-B568-428D-AD5B-55452B9748DB}" = PS_AIO_03_C4400_ProductContext
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F204E2B3-225D-419D-A5DE-3F97E8ADDD1B}" = Geek Squad 24 Hour Computer Support
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F7B72805-2F58-4C04-AE9E-E7AD6A6EF62E}" = C4400_Help
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF1F4E8E-A833-4c4b-A14A-45D5B841B5D8}" = HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
"Able2Extract v6.0" = Able2Extract v6.0
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"alotToolbar" = ALOT Toolbar
"ASIO4ALL" = ASIO4ALL
"AviSynth" = AviSynth 2.5
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OA004" = Integrated Webcam Driver (1.00.03.0720)
"ESET Online Scanner" = ESET Online Scanner v3
"Google Desktop" = Google Desktop
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"IL Download Manager" = IL Download Manager
"Install_is1" = Setup 1.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox 6.0 (x86 en-US)" = Mozilla Firefox 6.0 (x86 en-US)
"PdaNet_is1" = PdaNet for Android 3.00
"PoiZone" = PoiZone
"RealPlayer 12.0" = RealPlayer
"Sakura" = Sakura
"Sawer" = Sawer
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Toxic Biohazard" = Toxic Biohazard
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/10/2010 11:42:16 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/10/2010 12:06:28 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/10/2010 12:06:28 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1388

Error - 5/10/2010 12:06:28 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1388

Error - 5/10/2010 2:01:04 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/10/2010 2:01:04 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6877522

Error - 5/10/2010 2:01:04 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6877522

Error - 5/10/2010 9:02:28 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/11/2010 12:11:55 AM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application SynTPEnh.exe, version 11.1.3.0, time stamp 0x4807eb54,
faulting module SynTPEnh.exe, version 11.1.3.0, time stamp 0x4807eb54, exception
code 0xc0000409, fault offset 0x0002c1ec, process id 0xde4, application start time
0x01caf0a590ea00fe.

Error - 5/11/2010 5:44:53 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 6/11/2009 4:44:15 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/11/2009 11:48:58 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 10/14/2010 6:39:11 PM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1290
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/8/2011 9:55:38 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 9/9/2011 3:00:58 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/9/2011 3:00:58 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9/9/2011 3:01:55 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 9/9/2011 3:01:55 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 9/9/2011 3:04:05 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 9/9/2011 3:06:46 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 9/9/2011 3:08:01 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 9/10/2011 4:01:22 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 9/10/2011 4:02:52 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =


< End of report >

#6 m0le


Posted 11 September 2011 - 08:59 PM

OTL can tidy up a bit for us.

Open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge
O2 - BHO: (ALOT Toolbar Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - File not found
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (no name) - {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKCU..\Run: [ooVoo] File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
@Alternate Data Stream - 217 bytes -> C:\ProgramData\Temp:8927A071
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:8303F807
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Then please run MBAM

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.
m0le is a proud member of UNITE

#7 EGreen6001

Posted 12 September 2011 - 01:29 AM

========== OTL ==========
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99E00A4C-D35E-11DD-BA95-9B6A56D89593}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99E00A4C-D35E-11DD-BA95-9B6A56D89593}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\hpqSRMon deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ooVoo deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
ADS C:\ProgramData\Temp:8927A071 deleted successfully.
ADS C:\ProgramData\Temp:8303F807 deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.27.0 log created on 09122011_012608

#8 EGreen6001

Posted 12 September 2011 - 08:32 AM

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7697

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

9/12/2011 8:31:51 AM
mbam-log-2011-09-12 (08-31-51).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 430661
Time elapsed: 1 hour(s), 19 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 5
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 451

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\Windows\Temp\xla75EA.tmp (Worm.Parite) -> Delete on reboot.
c:\Windows\Temp\pna869C.tmp (Worm.Parite) -> Delete on reboot.
c:\Windows\Temp\poa8E98.tmp (Worm.Parite) -> Delete on reboot.
c:\Windows\Temp\ewaDC2B.tmp (Worm.Parite) -> Delete on reboot.
c:\Windows\Temp\roa8DAE.tmp (Worm.Parite) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\Temp\xla75EA.tmp (Worm.Parite) -> Delete on reboot.
c:\Windows\Temp\pna869C.tmp (Worm.Parite) -> Delete on reboot.
c:\Windows\Temp\poa8E98.tmp (Worm.Parite) -> Delete on reboot.
c:\Windows\Temp\ewaDC2B.tmp (Worm.Parite) -> Delete on reboot.
c:\Windows\Temp\roa8DAE.tmp (Worm.Parite) -> Delete on reboot.
c:\Users\Administrator\AppData\Local\temp\hjd624B.tmp (Worm.Parite) -> Delete on reboot.
c:\Users\administrator\AppData\Local\Google\Chrome\application\chrome.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Owner\AppData\Local\Google\Chrome\application\chrome.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\fvaDA37.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\fxyEF38.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\qna85A3.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\qpb99A5.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\qqaA5A0.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\qqaA7A3.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\qraAEA5.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\qruABA8.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\qvxDAA4.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\qzaFEA8.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\qzqFDA2.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\raaAB.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\raoAE.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\rbaCAC.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\rdn26AF.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\rea30B0.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\rka6DB0.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\rkm66AB.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\rnb88AF.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\rof93B2.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\rsiB9AE.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\rtcBFAB.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\rvaD6AF.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\rwaE0AD.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\rwaE0AE.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\kxuEB65.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\kzgFD6C.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\lea2970.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\leu286F.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\lga4172.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\lma8075.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\lof9373.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\lsvB671.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\lvaD374.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\lwaE06F.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\lwaE271.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\lwaE56E.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\lwlDE6E.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\lxaE771.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\lyaF372.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\lytF475.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\lzeFA75.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\maa27F.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\maa981.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\mbo117F.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\mbo1180.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\mbq1180.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\mbu117B.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\mea2F78.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\men2F7B.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\mgz3D7C.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\ygc43F7.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\yhc47F2.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\yko6BF8.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\yla73F6.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\yma78F6.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\ypa96F1.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\ypa9BF0.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\yqcA4F6.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\ysdB8F2.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\ytaC2F0.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\yueCEF8.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\yuxC9F2.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\ywhDEF4.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\yxaE9F0.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\zbo11FC.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\zea30FE.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\zma7CFB.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\znr84FA.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\zsaB6FF.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\zscBCFD.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\whe4AE5.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\wic52E0.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\wij56DC.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\wiw58E2.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\wiz56E5.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\wla71E4.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\wnj82E1.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\wof8CEE.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\woi95DF.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\wpa9CDF.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\wqiA8DD.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\hbf1149.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\hep304B.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\hfa384E.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\hgh404B.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\hhe4F48.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\hka6A46.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\hkd6849.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\hmo7848.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\hoa8C47.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\hoa9146.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\hqhA44B.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\hrhAE49.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\hujD04B.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\hveD94E.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\hwaDF46.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\hwyDF4B.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\hxaEA4E.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\ctvC61A.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\epv9F2A.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\fyiF538.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\gxgEF3F.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\hyaF749.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\kweE169.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\mhe4B81.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\ozaFD90.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\qlx72A3.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\rwhDDAD.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\txrEBC2.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\vha4FD4.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\wea29DD.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\wtaC4E3.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\yff32F2.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\aaa608.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\abaE04.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\acn1508.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\acn1701.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\afa3800.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\aga4308.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\ajy6201.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\ala7406.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\aoa8D02.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\aoi8E02.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\ascBAEA.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\ataC003.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\auaCA02.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\aweE408.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\axaE906.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\ayaF804.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\balC.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\bbi1111.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\bed2913.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\bfa360D.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\bha4A0A.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\biw5510.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\bna8B0F.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\boa8D12.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\boa930B.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\btaC60C.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\budCA12.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\bytF30E.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\bzaFB10.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\caa618.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\cda2116.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\cic5017.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\cla6E1D.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\clh7714.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\cmj7D17.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\cmu7914.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\ERDNT\cache\svchost.exe (FakeMS) -> Quarantined and deleted successfully.

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:14 AM

Posted 12 September 2011 - 05:02 PM

We're going to have to check that MBAM deleted the worm files on reboot.

Please rerun MBAM and post the log.
m0le is a proud member of UNITE

#10 EGreen6001

Posted 12 September 2011 - 08:21 PM

This is the new log..My laptop has to restart again...

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7697

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

9/12/2011 8:21:01 PM
mbam-log-2011-09-12 (20-21-01).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 430798
Time elapsed: 1 hour(s), 17 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 7
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 32

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\Windows\Temp\zma79FF.tmp (Worm.Parite) -> Delete on reboot.
c:\Windows\Temp\fvaD336.tmp (Worm.Parite) -> Delete on reboot.
c:\Windows\Temp\ina8352.tmp (Worm.Parite) -> Delete on reboot.
c:\Windows\Temp\axfE606.tmp (Worm.Parite) -> Delete on reboot.
c:\Windows\Temp\yna82F4.tmp (Worm.Parite) -> Delete on reboot.
c:\Windows\Temp\vufC8D5.tmp (Worm.Parite) -> Delete on reboot.
c:\Windows\Temp\lbf106F.tmp (Worm.Parite) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\Temp\zma79FF.tmp (Worm.Parite) -> Delete on reboot.
c:\Windows\Temp\fvaD336.tmp (Worm.Parite) -> Delete on reboot.
c:\Windows\Temp\ina8352.tmp (Worm.Parite) -> Delete on reboot.
c:\Windows\Temp\axfE606.tmp (Worm.Parite) -> Delete on reboot.
c:\Windows\Temp\yna82F4.tmp (Worm.Parite) -> Delete on reboot.
c:\Windows\Temp\vufC8D5.tmp (Worm.Parite) -> Delete on reboot.
c:\Windows\Temp\lbf106F.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Users\Administrator\AppData\Local\temp\usfBBCB.tmp (Worm.Parite) -> Delete on reboot.
c:\Users\Administrator\AppData\Local\temp\vsfBBDA.tmp (Worm.Parite) -> Delete on reboot.
c:\Users\Administrator\AppData\Local\temp\jsfBB5F.tmp (Worm.Parite) -> Delete on reboot.
c:\Users\Administrator\AppData\Local\temp\jsfBB5E.tmp (Worm.Parite) -> Delete on reboot.
c:\Users\Administrator\AppData\Local\temp\wtfC2DC.tmp (Worm.Parite) -> Delete on reboot.
c:\Users\Administrator\AppData\Local\temp\itfC156.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Users\Administrator\AppData\Local\temp\rsfBBAC.tmp (Worm.Parite) -> Delete on reboot.
c:\Users\Administrator\AppData\Local\temp\otfC08C.tmp (Worm.Parite) -> Delete on reboot.
c:\Users\administrator\AppData\Local\temp\rsfBDAE.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\temp\jsfBB60.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\temp\ksfBB6D.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\temp\ktfBE6A.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\nbf1188.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\nkn6A87.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\ooc8C95.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\wkn68E2.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\wkn68E3.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\xvaD2E8.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\ync8BF9.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\ywgDCF1.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\evaD22C.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\evfD42B.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\mbf1178.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\cvfDB1D.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\jmi7A5E.tmp (Worm.Parite) -> Quarantined and deleted successfully.

#11 m0le

Posted 13 September 2011 - 01:54 PM

As I suspected, MBAM isn't dealing with this threat.

Please run ComboFix, which is more powerful.

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE
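
The comparison between the two Malwarebytes logs above can be scripted. This is an added example, not part of the original thread and not Malwarebytes code: it parses logs in the layout posted here, lists items still marked "Delete on reboot", checks the summary counts against the listed items, and flags detection/folder pairs that appear again in a follow-up scan. The two sample logs and their file names are constructed.

```python
import re
from collections import Counter, namedtuple
from ntpath import dirname  # Windows path handling that works on any OS

Entry = namedtuple("Entry", "section path detection action")

# "Files Infected: 32" is a summary count; "Files Infected:" opens a section.
SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# "<path> (<detection>) -> <action>." The greedy path tolerates "(x86)" in it.
ITEM_RE = re.compile(r"^(?P<path>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")

# Constructed sample logs modelled on the layout in this thread.
FIRST_SCAN = r"""
Memory Modules Infected: 0
Files Infected: 3

Memory Modules Infected:
(No malicious items detected)

Files Infected:
c:\Windows\Temp\aaa0001.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Windows\Temp\aaa0002.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Users\Administrator\AppData\Local\temp\bbb0001.tmp (Worm.Parite) -> Quarantined and deleted successfully.
"""

SECOND_SCAN = r"""
Memory Modules Infected: 1
Files Infected: 3

Memory Modules Infected:
c:\Windows\Temp\ccc0001.tmp (Worm.Parite) -> Delete on reboot.

Files Infected:
c:\Windows\Temp\ccc0001.tmp (Worm.Parite) -> Delete on reboot.
c:\Windows\Temp\ccc0002.tmp (Worm.Parite) -> Quarantined and deleted successfully.
c:\Users\Administrator\AppData\Local\temp\ddd0001.tmp (Worm.Parite) -> Delete on reboot.
"""


def parse_mbam_log(text):
    """Return (summary counts per section, list of Entry) for one log."""
    summary, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["section"]] = int(m["count"])
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m["section"]
            continue
        m = ITEM_RE.match(line) if section else None
        if m:  # "(No malicious items detected)" has no "->" and is skipped
            entries.append(Entry(section, m["path"], m["detection"], m["action"]))
    return summary, entries


def pending_reboot(entries):
    """Unique paths the scanner could only schedule for removal at reboot."""
    return sorted({e.path.lower() for e in entries
                   if e.action.lower().startswith("delete on reboot")})


def count_mismatches(summary, entries):
    """Sections whose summary count differs from the items listed (truncated log)."""
    listed = Counter(e.section for e in entries)
    return {s: (n, listed.get(s, 0)) for s, n in summary.items()
            if n != listed.get(s, 0)}


def recurring(first_entries, second_entries):
    """(detection, folder) pairs present in both scans.

    File names differ between scans here, so exact paths never match;
    the same detection returning to the same folder is the useful signal.
    """
    def key(e):
        return (e.detection, dirname(e.path).lower())
    return sorted({key(e) for e in first_entries} & {key(e) for e in second_entries})


if __name__ == "__main__":
    _, first = parse_mbam_log(FIRST_SCAN)
    summary, second = parse_mbam_log(SECOND_SCAN)
    print("pending reboot:", pending_reboot(second))
    print("count mismatches:", count_mismatches(summary, second))
    print("recurring after cleanup:", recurring(first, second))
```

A non-empty `recurring` result after a scan that reported everything "Quarantined and deleted successfully" means new files are still being written, so something outside the scanned items is producing them.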

#12 EGreen6001

Posted 13 September 2011 - 11:11 PM

ComboFix.txt

ComboFix 11-09-13.04 - Administrator 09/13/2011 21:43:32.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1844 [GMT -5:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\ADMINI~1\AppData\Local\Temp\efa3AED.tmp
c:\users\Administrator\AppData\Local\temp\efa3AED.tmp
c:\users\Owner\Documents\003.AVI
c:\users\Owner\Documents\009.jpg
c:\users\Owner\ppt
c:\windows\TEMP\kla7167.tmp
c:\windows\TEMP\lma7972.tmp
c:\windows\TEMP\sla70BC.tmp
c:\windows\TEMP\sma7DB8.tmp
c:\windows\TEMP\ula75CB.tmp
c:\windows\TEMP\yla76F3.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-08-14 to 2011-09-14 )))))))))))))))))))))))))))))))
.
.
2011-09-14 02:55 . 2011-09-14 02:55 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-09-14 02:55 . 2011-09-14 02:55 -------- d-----w- c:\users\Owner\AppData\Local\temp
2011-09-14 02:55 . 2011-09-14 03:02 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-09-14 02:55 . 2011-09-14 02:55 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-09-14 02:55 . 2011-09-14 02:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-13 04:21 . 2011-09-13 04:26 -------- d-----w- c:\users\Administrator\AppData\Roaming\GetRightToGo
2011-09-12 06:26 . 2011-09-12 06:26 -------- d-----w- C:\_OTL
2011-09-12 04:51 . 2011-09-12 04:51 -------- d-----w- c:\program files\HackerPro
2011-09-12 04:42 . 2011-09-12 04:42 -------- d-----w- c:\program files\Windows Password Finder
2011-09-09 06:51 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{791E5559-526B-4A94-BF70-884A8418A9B3}\mpengine.dll
2011-09-04 17:30 . 2011-09-04 17:30 -------- d-----w- c:\users\Administrator\AppData\Roaming\OpenOffice.org
2011-09-01 06:57 . 2011-09-01 06:57 -------- d-----w- c:\users\Administrator\AppData\Local\PackageAware
2011-08-30 06:05 . 2011-08-30 06:07 -------- d-----w- c:\users\Administrator\AppData\Roaming\HPAppData
2011-08-28 16:01 . 2011-08-28 16:01 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-PT
2011-08-28 16:01 . 2011-08-28 16:01 -------- d-----w- c:\windows\system32\drivers\UMDF\nl-NL
2011-08-28 16:01 . 2011-08-28 16:01 -------- d-----w- c:\windows\system32\drivers\UMDF\it-IT
2011-08-28 16:01 . 2011-08-28 16:01 -------- d-----w- c:\windows\system32\drivers\UMDF\de-DE
2011-08-28 16:01 . 2011-08-28 16:01 -------- d-----w- c:\windows\system32\drivers\UMDF\fr-FR
2011-08-28 16:01 . 2011-08-28 16:01 -------- d-----w- c:\windows\system32\drivers\UMDF\es-ES
2011-08-26 05:11 . 2011-08-26 05:11 -------- d-----w- c:\program files\Common Files\Java
2011-08-24 04:11 . 2011-08-24 04:11 -------- d-----w- c:\users\Administrator\AppData\Roaming\f-secure
2011-08-24 04:11 . 2011-08-24 04:11 -------- d-----w- c:\programdata\F-Secure
2011-08-24 04:01 . 2011-08-12 05:57 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-08-24 04:01 . 2011-08-12 05:57 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-08-24 04:01 . 2011-08-12 05:57 785368 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-08-24 04:01 . 2011-08-12 05:57 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-08-24 04:01 . 2011-08-12 05:57 1846232 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-08-24 04:01 . 2011-08-12 05:57 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-08-24 04:01 . 2011-08-12 03:16 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-08-24 04:01 . 2011-08-12 03:16 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-08-24 00:51 . 2011-08-24 00:51 -------- d-----w- c:\program files\iPod
2011-08-24 00:50 . 2011-08-24 00:51 -------- d-----w- c:\program files\iTunes
2011-08-23 22:35 . 2011-07-11 13:25 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-23 01:56 . 2011-08-23 01:56 -------- d-----w- c:\program files\ESET
2011-08-22 06:08 . 2011-08-22 06:08 -------- d-----w- c:\users\Administrator\AppData\Local\Adobe
2011-08-22 03:27 . 2011-08-22 03:27 -------- d-----w- c:\users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2011-08-22 03:27 . 2011-08-23 02:55 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-22 03:27 . 2011-08-22 03:27 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-08-22 01:34 . 2011-08-22 01:34 -------- d-----w- c:\windows\system32\syncdb
2011-08-22 01:21 . 2011-08-22 01:21 -------- d-----w- c:\users\Administrator\AppData\Local\VS Revo Group
2011-08-22 01:21 . 2009-12-30 16:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-08-22 01:21 . 2011-08-22 01:21 -------- d-----w- c:\program files\VS Revo Group
2011-08-21 18:35 . 2011-08-21 18:35 0 ---ha-w- c:\users\Administrator\AppData\Local\BIT6ED8.tmp
2011-08-21 18:20 . 2011-08-21 18:20 -------- d-----w- c:\users\Administrator\AppData\Local\Seven Zip
2011-08-18 14:56 . 2011-08-18 14:56 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2011-08-17 07:20 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-08-15 11:54 . 2011-08-15 11:54 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-26 05:10 . 2010-06-07 04:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-05 17:40 . 2011-08-05 17:40 3584 ----a-w- c:\windows\system32\drivers\UMDF\zh-TW\ZuneDriver.dll.mui
2011-08-05 17:40 . 2011-08-05 17:40 3584 ----a-w- c:\windows\system32\drivers\UMDF\zh-CN\ZuneDriver.dll.mui
2011-08-05 17:40 . 2011-08-05 17:40 6144 ----a-w- c:\windows\system32\drivers\UMDF\sv-SE\ZuneDriver.dll.mui
2011-08-05 17:40 . 2011-08-05 17:40 6144 ----a-w- c:\windows\system32\drivers\UMDF\ru-RU\ZuneDriver.dll.mui
2011-08-05 17:40 . 2011-08-05 17:40 6144 ----a-w- c:\windows\system32\drivers\UMDF\pt-PT\ZuneDriver.dll.mui
2011-08-05 17:40 . 2011-08-05 17:40 6144 ----a-w- c:\windows\system32\drivers\UMDF\pt-BR\ZuneDriver.dll.mui
2011-08-05 17:40 . 2011-08-05 17:40 6144 ----a-w- c:\windows\system32\drivers\UMDF\pl-PL\ZuneDriver.dll.mui
2011-08-05 17:40 . 2011-08-05 17:40 6656 ----a-w- c:\windows\system32\drivers\UMDF\nl-NL\ZuneDriver.dll.mui
2011-08-05 17:40 . 2011-08-05 17:40 5632 ----a-w- c:\windows\system32\drivers\UMDF\nb-NO\ZuneDriver.dll.mui
2011-08-05 17:40 . 2011-08-05 17:40 6144 ----a-w- c:\windows\system32\drivers\UMDF\ms-MY\ZuneDriver.dll.mui
2011-08-05 17:40 . 2011-08-05 17:40 4096 ----a-w- c:\windows\system32\drivers\UMDF\ko-KR\ZuneDriver.dll.mui
2011-08-05 17:39 . 2011-08-05 17:39 4608 ----a-w- c:\windows\system32\drivers\UMDF\ja-JP\ZuneDriver.dll.mui
2011-08-05 17:39 . 2011-08-05 17:39 6656 ----a-w- c:\windows\system32\drivers\UMDF\it-IT\ZuneDriver.dll.mui
2011-08-05 17:39 . 2011-08-05 17:39 6144 ----a-w- c:\windows\system32\drivers\UMDF\id-ID\ZuneDriver.dll.mui
2011-08-05 17:39 . 2011-08-05 17:39 6656 ----a-w- c:\windows\system32\drivers\UMDF\hu-HU\ZuneDriver.dll.mui
2011-08-05 17:39 . 2011-08-05 17:39 6144 ----a-w- c:\windows\system32\drivers\UMDF\fr-FR\ZuneDriver.dll.mui
2011-08-05 17:39 . 2011-08-05 17:39 6144 ----a-w- c:\windows\system32\drivers\UMDF\fi-FI\ZuneDriver.dll.mui
2011-08-05 17:39 . 2011-08-05 17:39 6656 ----a-w- c:\windows\system32\drivers\UMDF\es-ES\ZuneDriver.dll.mui
2011-08-05 17:39 . 2011-08-05 17:39 6656 ----a-w- c:\windows\system32\drivers\UMDF\el-GR\ZuneDriver.dll.mui
2011-08-05 17:39 . 2011-08-05 17:39 6144 ----a-w- c:\windows\system32\drivers\UMDF\de-DE\ZuneDriver.dll.mui
2011-08-05 17:39 . 2011-08-05 17:39 6144 ----a-w- c:\windows\system32\drivers\UMDF\da-DK\ZuneDriver.dll.mui
2011-08-05 17:39 . 2011-08-05 17:39 5632 ----a-w- c:\windows\system32\drivers\UMDF\cs-CZ\ZuneDriver.dll.mui
2011-08-05 17:26 . 2011-08-05 17:26 6144 ----a-w- c:\windows\system32\drivers\UMDF\en-US\ZuneDriver.dll.mui
2011-07-12 17:20 . 2011-07-12 17:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 17:20 . 2011-07-12 17:20 261598 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-07 00:52 . 2009-06-07 02:46 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 00:52 . 2009-06-07 02:46 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-06 15:31 . 2011-08-13 04:42 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-06 00:37 . 2011-07-06 00:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-06 00:37 . 2011-07-06 00:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-23 06:43 . 2011-06-23 06:43 1068216 ----a-w- c:\windows\system32\drivers\wcmvcam.sys
2011-06-20 08:54 . 2011-08-11 08:12 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-06-20 08:54 . 2011-08-11 08:12 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-06-17 20:13 . 2011-08-11 08:09 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-17 16:03 . 2011-08-13 04:42 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-12 05:57 . 2011-08-24 04:01 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-06-21 16:13 . 2009-12-10 23:01 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2010-08-24 19:57 . 2010-02-22 04:47 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn3\YTNavAssist.dll" [2011-03-16 214840]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2541016]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-12 4603264]
"ooVoo.exe"="c:\program files\oovoo\oovoo.exe" [2011-08-14 21975120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 648672]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 382428]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 669142]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-06-13 390616]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-21 207834]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 226780]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 213470]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"msps"="c:\program files\msps\msps.exe" [2008-08-28 1036256]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 239066]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-15 382432]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 599510]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 432596]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ooVoo.exe"="c:\program files\ooVoo\oovoo.exe" [2011-08-14 21975120]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 561630]
PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2011-8-7 656856]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 394718]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-9-11 1164764]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~3\GOEC62~1.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 22:10 213470 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-07-10 22:27 349662 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-10-09 14:58 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 02:17 226780 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2008-09-30 23:56 972080 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-07-10 22:27 329178 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-06-17 17:13 2541016 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-07-10 22:27 325080 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
2008-06-14 01:11 390620 ------w- c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2008-06-14 01:11 390620 ------w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]
2008-06-14 01:11 390626 ------w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2008-10-07 03:42 390620 ------w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 308190]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-19 313302]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-21 207834]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-19 313302]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-07 41272]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-01-29 96416]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 446424]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 931288]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 228826]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 546258]
S2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam.sys [2011-06-23 1068216]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 374240]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]
S3 OA004Ufd;Creative Camera OA004 Upper Filter Driver;c:\windows\system32\DRIVERS\OA004Ufd.sys [2008-06-03 144672]
S3 OA004Vid;Creative Camera OA004 Function Driver;c:\windows\system32\DRIVERS\OA004Vid.sys [2008-07-17 269760]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2010-09-02 13312]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 17:11 632276 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-19 00:25]
.
2011-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-19 00:25]
.
2011-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1536971991-3487919783-3915485165-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-14 01:35]
.
2011-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1536971991-3487919783-3915485165-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-14 01:35]
.
2011-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1536971991-3487919783-3915485165-500Core.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2001-03-17 06:50]
.
2011-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1536971991-3487919783-3915485165-500UA.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2001-03-17 06:50]
.
2010-10-21 c:\windows\Tasks\HPCeeScheduleForOwner.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-04-22 18:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?l=dis&o=2159&gct=hp
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\rr6dqej8.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-MSServices - c:\program files\Windows Password Finder\Reminder\MSServices.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_07\bin\jusched.exe
AddRemove-alotToolbar - c:\program files\alot\alotUninst.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:c0,f6,88,51,da,66,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-1536971991-3487919783-3915485165-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-1536971991-3487919783-3915485165-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:63,a3,27,19,ab,5c,cc,01
.
[HKEY_USERS\S-1-5-21-1536971991-3487919783-3915485165-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-1536971991-3487919783-3915485165-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1536971991-3487919783-3915485165-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-1536971991-3487919783-3915485165-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-1536971991-3487919783-3915485165-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Microsoft.Zune.2.M4A"
.
[HKEY_USERS\S-1-5-21-1536971991-3487919783-3915485165-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4b\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Microsoft.Zune.2.M4B"
.
[HKEY_USERS\S-1-5-21-1536971991-3487919783-3915485165-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Microsoft.Zune.2.M4V"
.
[HKEY_USERS\S-1-5-21-1536971991-3487919783-3915485165-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mbr\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Microsoft.Zune.2.MBR"
.
[HKEY_USERS\S-1-5-21-1536971991-3487919783-3915485165-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-1536971991-3487919783-3915485165-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-1536971991-3487919783-3915485165-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Microsoft.Zune.2.MP3"
.
[HKEY_USERS\S-1-5-21-1536971991-3487919783-3915485165-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Microsoft.Zune.2.MP4"
.
[HKEY_USERS\S-1-5-21-1536971991-3487919783-3915485165-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rar\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\iexplore.exe"
.
[HKEY_USERS\S-1-5-21-1536971991-3487919783-3915485165-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\S-1-5-21-1536971991-3487919783-3915485165-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1536971991-3487919783-3915485165-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Microsoft.Zune.2.ZPL"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.EXE'(3036)
c:\users\ADMINI~1\AppData\Local\Temp\xba11EA.tmp
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\system32\wermgr.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2011-09-13 22:11:06 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-14 03:10
ComboFix2.txt 2010-03-04 18:23
ComboFix3.txt 2010-03-03 08:11
ComboFix4.txt 2010-03-02 07:36
ComboFix5.txt 2010-03-04 18:28
.
Pre-Run: 180,368,633,856 bytes free
Post-Run: 187,290,959,872 bytes free
.
- - End Of File - - 328B060E2FE86ED227325E7EB4FE3BED

#13 m0le

  • Malware Response Team

Posted 14 September 2011 - 05:37 PM

There's a file hooked to the explorer.exe file. It looks like the remaining temp files have been removed but we'll check soon.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the box below into it:

File::
c:\users\ADMINI~1\AppData\Local\Temp\xba11EA.tmp


Save this as CFScript.txt, in the same location as Comfix.exe (called ComboFix.exe in the below graphic)


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

If the program requests for you to update Combofix then click Yes.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Now we need to use SystemLook. This could be a big log if the temp folder hasn't been emptied for some time so please run TFC first.

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.
TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.


SystemLook next

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    c:\Windows\Temp\*.tmp
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
m0le is a proud member of UNITE
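
The observation in post #13 (a .tmp file from a Temp folder listed under Explorer.EXE in the log's "DLLs Loaded Under Running Processes" section) can be checked mechanically. The Python below is an added example, not part of the thread and not ComboFix's own code; the section and process-line patterns are inferred from the log excerpt on this page, the second module path is constructed, and the set of expected module extensions is an assumption.

```python
import ntpath  # Windows path rules, independent of the host OS
import re

# Excerpt of the ComboFix log posted above, plus one constructed module
# line (marked) so that a non-flagged entry is exercised as well.
SAMPLE_LOG = r"""
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.EXE'(3036)
c:\users\ADMINI~1\AppData\Local\Temp\xba11EA.tmp
c:\program files\Example\constructed_shellext.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
"""

TARGET_SECTION = "DLLs Loaded Under Running Processes"

# Patterns inferred from the log on this page (assumption, not a format spec).
SECTION_RE = re.compile(r"^-{5,}\s*(.+?)\s*-{5,}$")
PROCESS_RE = re.compile(r"^(?:- )+> '(?P<name>[^']+)'\((?P<pid>\d+)\)$")
TEMP_DIR_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)

# Assumed set of extensions a loaded module normally carries.
EXPECTED_EXTENSIONS = {".dll", ".ocx", ".cpl", ".drv", ".ax", ".exe"}


def loaded_modules(log_text):
    """Map (process name, pid) -> module paths listed in the target section."""
    modules = {}
    in_section = False
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            # Any section banner ends the previous section.
            in_section = header.group(1) == TARGET_SECTION
            current = None
            continue
        if not in_section or line in ("", "."):
            continue
        proc = PROCESS_RE.match(line)
        if proc:
            current = (proc.group("name"), int(proc.group("pid")))
            modules[current] = []
        elif current is not None:
            modules[current].append(line)
    return modules


def reasons_for(path):
    """Return the reasons a module path deserves a second look."""
    reasons = []
    if TEMP_DIR_RE.search(path):
        reasons.append("loaded from a temp directory")
    ext = ntpath.splitext(path)[1].lower()
    if ext not in EXPECTED_EXTENSIONS:
        reasons.append(f"unusual module extension {ext or '(none)'}")
    return reasons


def flag_suspicious_modules(log_text):
    """List modules under running processes that match any heuristic."""
    findings = []
    for (name, pid), paths in loaded_modules(log_text).items():
        for path in paths:
            reasons = reasons_for(path)
            if reasons:
                findings.append(
                    {"process": name, "pid": pid, "module": path, "reasons": reasons}
                )
    return findings


if __name__ == "__main__":
    for hit in flag_suspicious_modules(SAMPLE_LOG):
        print(f"{hit['process']} ({hit['pid']}): {hit['module']}")
        for reason in hit["reasons"]:
            print(f"  - {reason}")
```

A hit from these heuristics is a lead for review, not a verdict; the file still has to be examined before it is removed.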

#14 EGreen6001

  • Topic Starter

Posted 14 September 2011 - 09:51 PM

It won't run, it has the following message pop up "Installer integrity check has failed. Common causes incomplete download and damaged media. Contact the installer's author to obtain a new copy.

More information at:
http://nsis.sf.net/NSIS_Error "

#15 m0le

  • Malware Response Team

Posted 15 September 2011 - 04:34 PM

It won't run


Sorry, what won't run?