
Infected with Trojan.vundo - iexplore.exe redirects


  • This topic is locked
1 reply to this topic

#1 veedub3

Posted 05 October 2011 - 08:37 AM

I have been infected with, I believe, trojan.vundo. I was sent here for further help.

Referred from here: http://www.bleepingcomputer.com/forums/topic421594.html ~ OB

This morning I ran the DDS as instructed, but the two notepad files never popped up as the directions stated. Also, when attempting to run the GMER, I cannot pick and choose which boxes to check/uncheck; they are all greyed out. The problem I am having is that ieuser.exe and iexplorer.exe open by themselves and redirect, then crash. Need to know how to get the logs required for further help.

Thanks
Katrina

OK Finally able to supply the logs using OTL

OTL Logs

OTL logfile created on: 10/5/2011 6:14:32 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Mogul\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 62.64% Memory free
6.08 Gb Paging File | 4.97 Gb Available in Paging File | 81.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.63 Gb Total Space | 146.77 Gb Free Space | 66.22% Space Free | Partition Type: NTFS
Drive D: | 11.25 Gb Total Space | 1.58 Gb Free Space | 14.00% Space Free | Partition Type: NTFS

Computer Name: MOGUL-PC | User Name: Mogul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/05 18:10:30 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Mogul\Desktop\OTL.exe
PRC - [2011/09/14 15:04:59 | 004,611,456 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/09/06 16:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/02/02 11:12:34 | 001,215,216 | ---- | M] (Starfield Technologies, Inc.) -- C:\Program Files\Starfield\offSyncService.exe
PRC - [2010/05/28 04:40:36 | 000,276,328 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Digital Imaging\bin\hpqtra08.exe
PRC - [2010/05/28 03:27:22 | 000,174,952 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Digital Imaging\bin\hpqste08.exe
PRC - [2010/05/28 03:27:20 | 000,565,096 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Digital Imaging\bin\hpqbam08.exe
PRC - [2010/05/27 20:04:06 | 000,367,976 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Digital Imaging\bin\hpqgpc01.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/12/16 03:53:00 | 000,200,704 | ---- | M] (Oki Data Corporation) -- C:\Program Files\Okidata\Print Job Accounting\oklogsvc.exe
PRC - [2008/01/20 22:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/04/18 11:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2006/04/18 04:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
PRC - [2003/10/22 02:00:00 | 000,049,152 | ---- | M] (Oki Data Corporation) -- C:\Program Files\Okidata\Print Job Accounting\okwchsvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/05 08:58:41 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/10/05 08:58:41 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/10/03 11:14:32 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/10/03 11:14:32 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/08/28 17:19:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (wampmysqld)
SRV - File not found [On_Demand | Stopped] -- -- (wampapache)
SRV - [2011/09/22 11:45:52 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_b31de1e.dll -- (Akamai)
SRV - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/02/02 11:12:34 | 001,215,216 | ---- | M] (Starfield Technologies, Inc.) [Auto | Running] -- C:\Program Files\Starfield\offSyncService.exe -- (File Backup)
SRV - [2010/05/28 04:40:36 | 000,254,824 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2010/05/28 03:46:46 | 000,138,600 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/12/16 03:53:00 | 000,200,704 | ---- | M] (Oki Data Corporation) [Auto | Running] -- C:\Program Files\Okidata\Print Job Accounting\oklogsvc.exe -- (OkiJaSvc)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/04/18 04:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2003/10/22 02:00:00 | 000,049,152 | ---- | M] (Oki Data Corporation) [Auto | Running] -- C:\Program Files\Okidata\Print Job Accounting\okwchsvc.exe -- (OkiWchSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/10/05 09:23:44 | 000,100,864 | ---- | M] (GMER) [Kernel | On_Demand | Running] -- C:\Users\Mogul\AppData\Local\Temp\uwloypog.sys -- (uwloypog)
DRV - [2011/09/06 16:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 16:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 16:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 16:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 16:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/09/06 16:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/03/18 13:46:26 | 000,061,704 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2011/03/18 13:46:10 | 000,073,096 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2009/04/16 17:03:39 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/09/27 02:51:00 | 007,478,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/09/10 08:48:20 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/09/10 08:46:22 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/09/09 20:58:08 | 000,020,640 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\pcd5srvc.pkms -- (PCD5SRVC{BD6912E3-AC9D80E8-05040000})
DRV - [2008/09/04 07:34:34 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/08/20 12:09:04 | 000,093,544 | ---- | M] (Rocket Division Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\StarPortLite.sys -- (StarPortLite) StarPort Storage Controller (Lite)
DRV - [2008/08/01 08:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/07/21 12:12:50 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/07/21 12:12:22 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2008/05/22 05:39:34 | 000,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/01/20 22:23:27 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mf.sys -- (mf)
DRV - [2007/06/25 16:14:32 | 000,076,288 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2rs.sys -- (Ser2rs)
DRV - [2006/12/19 07:22:36 | 000,081,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NmPar.sys -- (NmPar)
DRV - [2006/12/19 07:20:42 | 000,063,488 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NmSerial.sys -- (nmserial)
DRV - [2005/11/15 11:54:56 | 000,036,896 | ---- | M] (Oki Data Corporation) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\opaplpt.sys -- (Opaplpt)
DRV - [2005/09/23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2003/01/20 12:50:36 | 000,020,648 | ---- | M] (Thomson Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netrcacm.sys -- (netrcacm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cndt


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-901875725-1277980850-963170839-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKU\S-1-5-21-901875725-1277980850-963170839-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-901875725-1277980850-963170839-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: H:\Program Files\Quicktime\Mozilla Plugins\npitunes.dll File not found
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Mogul\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@starfield.com/off: C:\Users\Mogul\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, Inc.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe: C:\Users\Mogul\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: H:\Browsers\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: H:\Browsers\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Mogul\AppData\Roaming\Move Networks [2011/02/13 18:32:27 | 000,000,000 | ---D | M]

[2010/10/02 12:46:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mogul\AppData\Roaming\Mozilla\Extensions
[2010/10/02 12:46:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mogul\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2009/06/24 07:35:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Online File Folder plugin 1.0.0.18 (Enabled) = C:\Users\Mogul\AppData\Roaming\Mozilla\plugins\npoff.dll
CHR - plugin: Web-Based Email plug-in 1.0.0.14 (Enabled) = C:\Users\Mogul\AppData\Roaming\Mozilla\plugins\npwbe.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Mogul\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Users\Mogul\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\

O1 HOSTS File: ([2011/02/26 09:39:24 | 000,000,819 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - F:\Program Files\Adobe CS4\/Adobe Contribute CS4/contributeieplugin.dll File not found
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found.
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - F:\Program Files\Adobe CS4\/Adobe Contribute CS4/contributeieplugin.dll File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-901875725-1277980850-963170839-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-901875725-1277980850-963170839-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-901875725-1277980850-963170839-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iTunesHelper] "H:\Program Files\Quicktime\iTunesHelper.exe" File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-901875725-1277980850-963170839-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-901875725-1277980850-963170839-1000..\Run: [cdloader] C:\Users\Mogul\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\S-1-5-21-901875725-1277980850-963170839-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-901875725-1277980850-963170839-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D268137-E37D-415F-BCE5-95EFF1F7D50E}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\avgsecuritytoolbar - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\aflowq.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\aflowq.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3cf48048-7309-11df-92bb-002197221289}\Shell\AutoRun\command - "" = G:\Info.exe folder.htt 480 480
O33 - MountPoints2\{6cd9b8a3-ef51-11e0-871c-002197221289}\Shell - "" = AutoRun
O33 - MountPoints2\{6cd9b8a3-ef51-11e0-871c-002197221289}\Shell\AutoRun\command - "" = G:\PcOptions.exe
O33 - MountPoints2\{8b0d72d2-09e0-11de-9ceb-00219742362f}\Shell - "" = AutoRun
O33 - MountPoints2\{8b0d72d2-09e0-11de-9ceb-00219742362f}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\{cb2fb485-a0c1-11e0-bb63-002197221289}\Shell - "" = AutoRun
O33 - MountPoints2\{cb2fb485-a0c1-11e0-bb63-002197221289}\Shell\AutoRun\command - "" = J:\PcOptions.exe
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\autorun.exe
O33 - MountPoints2\I\Shell\phone\command - "" = I:\autorun.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/05 18:10:29 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Mogul\Desktop\OTL.exe
[2011/10/05 08:54:14 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Mogul\Desktop\dds.scr
[2011/10/04 11:01:37 | 384,656,464 | ---- | C] (Acresso Software Inc.) -- C:\Users\Mogul\Desktop\CorelDRAWGraphicsSuiteX4Installer_EN.exe
[2011/10/04 10:11:01 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/10/04 10:11:00 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/10/04 10:10:59 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/10/04 10:10:59 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/10/04 10:10:59 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/10/04 10:10:59 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/10/04 10:10:59 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/10/03 14:46:57 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Mogul\Desktop\esetsmartinstaller_enu.exe
[2011/10/03 14:38:55 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/10/03 11:14:01 | 000,000,000 | ---D | C] -- C:\Users\Mogul\AppData\Roaming\SUPERAntiSpyware.com
[2011/10/03 11:13:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/10/03 11:13:26 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/10/03 11:13:25 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/10/01 14:46:55 | 014,921,672 | ---- | C] (Microsoft Corporation) -- C:\Users\Mogul\Desktop\windows-kb890830-v4.0.exe
[2011/10/01 11:50:26 | 000,320,856 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/10/01 11:50:26 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/10/01 11:50:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/10/01 11:50:24 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/10/01 11:50:23 | 000,442,200 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/10/01 11:50:23 | 000,054,616 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/10/01 11:50:23 | 000,052,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/10/01 11:50:03 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/10/01 11:50:02 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/10/01 11:49:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/10/01 11:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/09/30 18:22:55 | 000,000,000 | ---D | C] -- C:\Users\Mogul\AppData\Roaming\Malwarebytes
[2011/09/30 18:22:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/30 18:22:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/30 18:22:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/30 18:02:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/09/30 09:53:13 | 000,000,000 | -H-D | C] -- C:\Users\Mogul\AppData\Local\CrashDumps
[2011/09/29 15:29:40 | 000,000,000 | ---D | C] -- C:\Users\Mogul\AppData\Roaming\DriverCure
[2011/09/29 15:29:39 | 000,000,000 | ---D | C] -- C:\Users\Mogul\AppData\Roaming\ParetoLogic
[2011/09/29 15:29:34 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2011/09/25 16:51:49 | 000,000,000 | ---D | C] -- C:\Users\Mogul\Desktop\september
[2011/09/20 18:07:12 | 000,000,000 | ---D | C] -- C:\Users\Mogul\AppData\Roaming\AVG2012
[2011/09/19 15:11:33 | 000,000,000 | ---D | C] -- C:\Users\Mogul\Desktop\facebook_KH
[2011/09/19 10:51:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2011/09/15 16:11:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/07/23 21:24:31 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Mogul\AppData\Roaming\pcouffin.sys
[2009/05/14 06:25:16 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Program Files\atl71.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/05 18:10:30 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Mogul\Desktop\OTL.exe
[2011/10/05 18:08:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/05 17:49:43 | 000,003,744 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/05 17:49:43 | 000,003,744 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/05 17:47:07 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/05 13:42:03 | 000,602,416 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/05 13:42:03 | 000,120,562 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/05 11:46:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/05 08:54:15 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Mogul\Desktop\dds.scr
[2011/10/05 08:53:41 | 000,000,020 | ---- | M] () -- C:\Users\Mogul\defogger_reenable
[2011/10/05 08:52:33 | 000,050,477 | ---- | M] () -- C:\Users\Mogul\Desktop\Defogger.exe
[2011/10/05 08:51:22 | 000,001,937 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/10/04 19:20:42 | 303,395,458 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/04 12:18:43 | 000,005,132 | ---- | M] () -- C:\Users\Mogul\Documents\cc_20111004_121838.reg
[2011/10/04 11:11:13 | 384,656,464 | ---- | M] (Acresso Software Inc.) -- C:\Users\Mogul\Desktop\CorelDRAWGraphicsSuiteX4Installer_EN.exe
[2011/10/03 15:02:47 | 001,681,429 | ---- | M] () -- C:\Users\Mogul\Desktop\tshirtprofits2009.pdf
[2011/10/03 14:47:02 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Mogul\Desktop\esetsmartinstaller_enu.exe
[2011/10/03 13:17:09 | 004,308,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/03 13:11:26 | 000,002,222 | ---- | M] () -- C:\Users\Mogul\Documents\registry backup 10 03 2011 important3.reg
[2011/10/03 13:09:55 | 000,001,740 | ---- | M] () -- C:\Users\Mogul\Documents\registry backup 10 03 important2.reg
[2011/10/03 13:08:33 | 000,008,404 | ---- | M] () -- C:\Users\Mogul\Documents\registry backup 10 03 2011 important1.reg
[2011/10/03 13:07:29 | 000,087,624 | ---- | M] () -- C:\Users\Mogul\Documents\registry backup 10 03 2011 important.reg
[2011/10/03 11:13:31 | 000,001,766 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/10/03 11:00:09 | 000,000,903 | ---- | M] () -- C:\Users\Mogul\Desktop\magicJack.lnk
[2011/10/02 16:54:56 | 000,380,805 | ---- | M] () -- C:\Users\Mogul\Desktop\MiniToolBox.exe
[2011/10/02 14:48:05 | 000,012,524 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011/10/02 14:38:04 | 002,346,000 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/10/02 14:16:16 | 000,000,290 | ---- | M] () -- C:\Users\Mogul\Documents\registry backup 10 02 2011.reg
[2011/10/02 14:15:22 | 000,010,542 | ---- | M] () -- C:\Users\Mogul\Documents\registry backup 10 02 2011 important.reg
[2011/10/02 14:02:19 | 000,000,909 | ---- | M] () -- C:\Users\Mogul\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/01 14:54:08 | 000,000,290 | ---- | M] () -- C:\Users\Mogul\Documents\registry backup 10 1 2011 important1.reg
[2011/10/01 14:52:55 | 000,014,408 | ---- | M] () -- C:\Users\Mogul\Documents\registry backup 10 1 2011 important.reg
[2011/10/01 14:47:48 | 014,921,672 | ---- | M] (Microsoft Corporation) -- C:\Users\Mogul\Desktop\windows-kb890830-v4.0.exe
[2011/10/01 11:50:26 | 000,001,795 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/10/01 11:50:23 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/09/30 18:22:34 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/30 18:02:12 | 000,001,921 | ---- | M] () -- C:\Users\Mogul\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/30 13:00:42 | 000,001,356 | ---- | M] () -- C:\Users\Mogul\AppData\Local\d3d9caps.dat
[2011/09/30 12:35:24 | 000,000,290 | ---- | M] () -- C:\Users\Mogul\Documents\registry backup 09 26 2011.reg
[2011/09/30 12:34:00 | 000,015,842 | ---- | M] () -- C:\Users\Mogul\Documents\registry backup 9 25 2011.reg
[2011/09/29 05:32:48 | 000,089,200 | ---- | M] () -- C:\Users\Mogul\Desktop\933_0.jpg
[2011/09/29 05:32:48 | 000,083,964 | ---- | M] () -- C:\Users\Mogul\Desktop\836_0.jpg
[2011/09/29 05:32:48 | 000,069,007 | ---- | M] () -- C:\Users\Mogul\Desktop\995_0.jpg
[2011/09/29 05:32:48 | 000,044,076 | ---- | M] () -- C:\Users\Mogul\Desktop\894_0.jpg
[2011/09/29 05:32:48 | 000,038,112 | ---- | M] () -- C:\Users\Mogul\Desktop\993_0.jpg
[2011/09/29 05:32:48 | 000,031,792 | ---- | M] () -- C:\Users\Mogul\Desktop\895_0.jpg
[2011/09/26 11:26:47 | 000,001,751 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2011/09/23 14:45:26 | 000,000,290 | ---- | M] () -- C:\Users\Mogul\Documents\cc_20110923_144523.reg
[2011/09/23 14:43:18 | 000,001,780 | ---- | M] () -- C:\Users\Mogul\Documents\cc_20110923_144314.reg
[2011/09/21 11:54:52 | 000,002,754 | ---- | M] () -- C:\Users\Mogul\AppData\Roaming\wklnhst.dat
[2011/09/20 18:02:08 | 000,000,650 | ---- | M] () -- C:\Users\Mogul\Documents\cc_20110920_180206.reg
[2011/09/20 18:01:30 | 000,015,358 | ---- | M] () -- C:\Users\Mogul\Documents\registry backup 09 18 2011.reg
[2011/09/20 17:49:51 | 000,000,290 | ---- | M] () -- C:\Users\Mogul\Documents\cc_20110920_174948.reg
[2011/09/20 17:49:23 | 000,002,048 | ---- | M] () -- C:\Users\Mogul\Documents\cc_20110920_174919.reg
[2011/09/19 10:27:04 | 001,759,840 | ---- | M] () -- C:\Users\Mogul\Desktop\fax.pdf
[2011/09/14 16:15:28 | 000,000,290 | ---- | M] () -- C:\Users\Mogul\Documents\cc_20110914_161525.reg
[2011/09/14 16:14:32 | 000,003,220 | ---- | M] () -- C:\Users\Mogul\Documents\cc_20110914_161429.reg
[2011/09/14 16:10:09 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/09/10 11:59:10 | 000,021,274 | ---- | M] () -- C:\Users\Mogul\Desktop\RA Conversion Chart for Fonts.pdf
[2011/09/06 16:45:29 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/09/06 16:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/09/06 16:38:05 | 000,442,200 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/09/06 16:37:53 | 000,320,856 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/09/06 16:36:38 | 000,034,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/09/06 16:36:36 | 000,052,568 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/09/06 16:36:26 | 000,054,616 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/09/06 16:36:12 | 000,020,568 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/05 08:53:17 | 000,000,020 | ---- | C] () -- C:\Users\Mogul\defogger_reenable
[2011/10/05 08:52:33 | 000,050,477 | ---- | C] () -- C:\Users\Mogul\Desktop\Defogger.exe
[2011/10/04 19:20:42 | 303,395,458 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/10/04 12:18:41 | 000,005,132 | ---- | C] () -- C:\Users\Mogul\Documents\cc_20111004_121838.reg
[2011/10/03 15:02:44 | 001,681,429 | ---- | C] () -- C:\Users\Mogul\Desktop\tshirtprofits2009.pdf
[2011/10/03 13:11:21 | 000,002,222 | ---- | C] () -- C:\Users\Mogul\Documents\registry backup 10 03 2011 important3.reg
[2011/10/03 13:09:53 | 000,001,740 | ---- | C] () -- C:\Users\Mogul\Documents\registry backup 10 03 important2.reg
[2011/10/03 13:08:32 | 000,008,404 | ---- | C] () -- C:\Users\Mogul\Documents\registry backup 10 03 2011 important1.reg
[2011/10/03 13:07:24 | 000,087,624 | ---- | C] () -- C:\Users\Mogul\Documents\registry backup 10 03 2011 important.reg
[2011/10/03 11:13:31 | 000,001,766 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/10/02 16:54:55 | 000,380,805 | ---- | C] () -- C:\Users\Mogul\Desktop\MiniToolBox.exe
[2011/10/02 14:36:24 | 002,346,000 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011/10/02 14:16:15 | 000,000,290 | ---- | C] () -- C:\Users\Mogul\Documents\registry backup 10 02 2011.reg
[2011/10/02 14:15:20 | 000,010,542 | ---- | C] () -- C:\Users\Mogul\Documents\registry backup 10 02 2011 important.reg
[2011/10/01 14:54:07 | 000,000,290 | ---- | C] () -- C:\Users\Mogul\Documents\registry backup 10 1 2011 important1.reg
[2011/10/01 14:52:53 | 000,014,408 | ---- | C] () -- C:\Users\Mogul\Documents\registry backup 10 1 2011 important.reg
[2011/10/01 11:50:26 | 000,001,795 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/09/30 18:22:34 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/30 18:02:12 | 000,001,937 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/09/30 18:02:12 | 000,001,921 | ---- | C] () -- C:\Users\Mogul\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/30 12:35:22 | 000,000,290 | ---- | C] () -- C:\Users\Mogul\Documents\registry backup 09 26 2011.reg
[2011/09/30 12:33:57 | 000,015,842 | ---- | C] () -- C:\Users\Mogul\Documents\registry backup 9 25 2011.reg
[2011/09/29 08:33:12 | 000,089,200 | ---- | C] () -- C:\Users\Mogul\Desktop\933_0.jpg
[2011/09/29 08:33:12 | 000,083,964 | ---- | C] () -- C:\Users\Mogul\Desktop\836_0.jpg
[2011/09/29 08:33:12 | 000,069,007 | ---- | C] () -- C:\Users\Mogul\Desktop\995_0.jpg
[2011/09/29 08:33:12 | 000,044,076 | ---- | C] () -- C:\Users\Mogul\Desktop\894_0.jpg
[2011/09/29 08:33:12 | 000,038,112 | ---- | C] () -- C:\Users\Mogul\Desktop\993_0.jpg
[2011/09/29 08:33:12 | 000,031,792 | ---- | C] () -- C:\Users\Mogul\Desktop\895_0.jpg
[2011/09/23 14:45:24 | 000,000,290 | ---- | C] () -- C:\Users\Mogul\Documents\cc_20110923_144523.reg
[2011/09/23 14:43:17 | 000,001,780 | ---- | C] () -- C:\Users\Mogul\Documents\cc_20110923_144314.reg
[2011/09/20 18:02:07 | 000,000,650 | ---- | C] () -- C:\Users\Mogul\Documents\cc_20110920_180206.reg
[2011/09/20 18:01:29 | 000,015,358 | ---- | C] () -- C:\Users\Mogul\Documents\registry backup 09 18 2011.reg
[2011/09/20 17:49:50 | 000,000,290 | ---- | C] () -- C:\Users\Mogul\Documents\cc_20110920_174948.reg
[2011/09/20 17:49:21 | 000,002,048 | ---- | C] () -- C:\Users\Mogul\Documents\cc_20110920_174919.reg
[2011/09/19 10:27:06 | 001,759,840 | ---- | C] () -- C:\Users\Mogul\Desktop\fax.pdf
[2011/09/14 16:15:26 | 000,000,290 | ---- | C] () -- C:\Users\Mogul\Documents\cc_20110914_161525.reg
[2011/09/14 16:14:31 | 000,003,220 | ---- | C] () -- C:\Users\Mogul\Documents\cc_20110914_161429.reg
[2011/09/10 11:59:09 | 000,021,274 | ---- | C] () -- C:\Users\Mogul\Desktop\RA Conversion Chart for Fonts.pdf
[2011/05/10 16:25:20 | 000,077,970 | ---- | C] () -- C:\Windows\hpqins05.dat
[2011/05/10 16:20:55 | 000,075,833 | ---- | C] () -- C:\Windows\hpqins01.dat
[2011/05/10 15:04:31 | 000,239,738 | ---- | C] () -- C:\Windows\hpwins05.dat
[2011/05/10 15:04:30 | 000,003,111 | ---- | C] () -- C:\Windows\hpwmdl05.dat
[2011/01/05 11:29:29 | 000,000,132 | ---- | C] () -- C:\Users\Mogul\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010/12/26 14:01:24 | 000,001,456 | -H-- | C] () -- C:\Users\Mogul\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/12/14 20:32:49 | 000,000,132 | ---- | C] () -- C:\Users\Mogul\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/07/23 21:24:31 | 000,087,608 | ---- | C] () -- C:\Users\Mogul\AppData\Roaming\inst.exe
[2010/07/23 21:24:31 | 000,007,887 | ---- | C] () -- C:\Users\Mogul\AppData\Roaming\pcouffin.cat
[2010/07/23 21:24:31 | 000,001,144 | ---- | C] () -- C:\Users\Mogul\AppData\Roaming\pcouffin.inf
[2010/07/20 19:10:03 | 000,000,165 | ---- | C] () -- C:\Windows\fnerr.dat
[2010/05/21 15:51:56 | 000,000,046 | ---- | C] () -- C:\Users\Mogul\AppData\Roaming\Opusbext.dat
[2010/04/27 16:12:57 | 000,000,004 | ---- | C] () -- C:\Users\Mogul\AppData\Roaming\1243D7
[2010/04/27 16:12:56 | 000,870,128 | ---- | C] () -- C:\Users\Mogul\AppData\Roaming\mcs.rma
[2010/04/07 15:54:48 | 000,000,384 | -H-- | C] () -- C:\Users\Mogul\AppData\Local\Certificat.sm
[2010/02/12 14:04:11 | 000,044,544 | ---- | C] () -- C:\Windows\AWuninstall.exe
[2009/10/28 17:58:11 | 000,149,095 | ---- | C] () -- C:\Windows\hpwins05.dat.temp
[2009/10/28 17:58:11 | 000,004,785 | ---- | C] () -- C:\Windows\hpwmdl05.dat.temp
[2009/10/17 12:31:35 | 000,000,248 | RHS- | C] () -- C:\ProgramData\3FB2B745B1.sys
[2009/10/17 12:31:34 | 000,012,524 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009/10/17 12:19:38 | 000,000,000 | ---- | C] () -- C:\Users\Mogul\AppData\Roaming\CopyToGo.dat
[2009/09/11 11:08:06 | 000,000,091 | ---- | C] () -- C:\Windows\System32\CADlink.ini
[2009/08/25 12:40:35 | 000,323,584 | ---- | C] () -- C:\Windows\System32\FoxImager.dll
[2009/07/14 09:57:37 | 000,000,008 | ---- | C] () -- C:\Windows\System32\442EFA3DC0.sys
[2009/07/14 09:54:46 | 000,003,610 | ---- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009/06/16 12:51:48 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/16 12:51:48 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/05/18 21:00:00 | 000,154,624 | ---- | C] () -- C:\Users\Mogul\AppData\Roaming\SharedSettings.ccs
[2009/05/18 20:59:31 | 000,000,208 | ---- | C] () -- C:\Windows\System32\xpysys.dll
[2009/05/07 15:42:45 | 000,000,083 | ---- | C] () -- C:\Windows\EPSP1400.ini
[2009/05/04 10:40:46 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2009/05/04 10:40:46 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2009/05/04 10:40:46 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009/05/04 10:40:46 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2009/05/04 10:40:46 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2009/05/04 10:40:46 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2009/05/04 10:40:46 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2009/05/04 10:40:46 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2009/05/04 10:40:46 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2009/05/04 10:40:46 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2009/05/04 10:40:46 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2009/05/04 10:40:46 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2009/05/04 10:40:46 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2009/05/04 10:40:46 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2009/05/04 10:40:46 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2009/05/04 10:40:46 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/04/27 18:32:33 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009/04/27 18:31:35 | 000,006,211 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009/04/16 19:47:51 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2009/03/05 20:45:19 | 000,002,754 | ---- | C] () -- C:\Users\Mogul\AppData\Roaming\wklnhst.dat
[2009/03/01 16:07:42 | 000,194,560 | ---- | C] () -- C:\Users\Mogul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/24 19:12:30 | 000,001,356 | ---- | C] () -- C:\Users\Mogul\AppData\Local\d3d9caps.dat
[2009/02/24 18:52:11 | 000,016,050 | ---- | C] () -- C:\Windows\hpwscr05.dat
[2008/11/22 18:07:44 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/11/22 18:07:44 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2008/11/22 17:52:05 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/12/19 07:39:02 | 000,184,320 | ---- | C] () -- C:\Windows\System32\NmUninst.exe
[2006/12/19 07:22:22 | 000,008,192 | ---- | C] () -- C:\Windows\System32\NmCoInst.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 004,308,376 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,602,416 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,120,562 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004/06/24 02:20:02 | 000,000,051 | ---- | C] () -- C:\Windows\System32\EAL32.INI
[2002/03/16 20:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000106.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:0A8E2C33
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

Extras Log

OTL Extras logfile created on: 10/5/2011 6:14:32 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Mogul\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 62.64% Memory free
6.08 Gb Paging File | 4.97 Gb Available in Paging File | 81.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.63 Gb Total Space | 146.77 Gb Free Space | 66.22% Space Free | Partition Type: NTFS
Drive D: | 11.25 Gb Total Space | 1.58 Gb Free Space | 14.00% Space Free | Partition Type: NTFS

Computer Name: MOGUL-PC | User Name: Mogul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-901875725-1277980850-963170839-1000\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
jsfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11A8FD32-13CD-46A1-9DBD-677CDD7C6884}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{13B99ED7-1FB5-446F-9204-43746716E727}" = rport=137 | protocol=17 | dir=out | app=system |
"{1B770EED-C6BE-4F1C-9AE4-954D43AF11E0}" = lport=49171 | protocol=6 | dir=in | name=akamai netsession interface |
"{20689D5F-2336-4B4A-883D-9A1FCA686A96}" = rport=138 | protocol=17 | dir=out | app=system |
"{2CF89A45-0667-4626-B610-EF9747670CC0}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=%systemroot%\microsoft.net\framework\v3.0\windows communication foundation\smsvchost.exe |
"{2DFCBF0D-7677-4E9C-AC9C-A31DD236DCEB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{36ECB9A4-B413-4199-9EFD-5795D0B64F62}" = lport=139 | protocol=6 | dir=in | app=system |
"{40ED0BD9-8425-4689-8766-F6F406EF8D0A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{4714D548-E8FD-4448-974A-4953BFAC3974}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4B92D248-FE8B-4C9F-9B72-9FA97FC5F493}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{4FB97289-B00B-4538-B2D3-0822E3A1554B}" = rport=445 | protocol=6 | dir=out | app=system |
"{5E935766-042F-47BF-861C-345A7FB78929}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{666E3F8A-167F-45BA-8F16-655E16BF44C2}" = lport=137 | protocol=17 | dir=in | app=system |
"{6F10C8AD-F1CB-4E93-A73B-EAFA387703F6}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{78839A05-0C31-4EB7-829D-E0977394C21E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8882B1C7-948A-4341-99D7-A7ADADFCCEB0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{90748D7D-D066-405C-ABEC-27AD4FB7E983}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B4FC38E2-B5EB-4D36-94E0-BE1AD0831E4D}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{CF39063B-4812-48B0-A079-420D735BBBA9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D1B5F3CC-74A5-4D53-84B5-EF7E5482CC78}" = lport=138 | protocol=17 | dir=in | app=system |
"{D712F25E-B05B-4E44-BB8B-90B8974FB3A7}" = lport=445 | protocol=6 | dir=in | app=system |
"{E29F7020-3023-43E7-A5E6-2C7C74441BB5}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{EC307B89-C4B0-4D54-A420-AD23548EFA1D}" = rport=139 | protocol=6 | dir=out | app=system |
"{ED802FFE-2759-4313-94F2-FD84119D7D0F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A99CDA-CB57-4400-AFC6-2EB07536DA1D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{00B81D6C-2970-43FC-8330-728BB7ABD95B}" = dir=in | app=c:\program files\digital imaging\bin\hpqfxt08.exe |
"{0843F19E-DFE5-4A8D-B8FB-C36BF3DC726D}" = protocol=6 | dir=in | app=j:\program files\pinacle studio\programs\umi.exe |
"{178EBE95-FA35-4C47-9887-30640D98B6AF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{1875449A-3089-4BF0-BD4D-BD8257DA3FBD}" = protocol=6 | dir=in | app=j:\program files\pinacle studio\programs\studio.exe |
"{19763876-7F2A-4E66-9AC7-BCF44C7E5974}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{1E65CA70-05D1-4503-BF4D-B9C4AABA39FE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1FAC6E23-D93A-419D-8082-8B83DAC56478}" = protocol=17 | dir=in | app=j:\program files\pinacle studio\programs\rm.exe |
"{255BF1C6-35CD-42F9-BF1C-16A310DAA97E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3F53A36E-81D9-4079-BEED-C08E0E248262}" = protocol=17 | dir=in | app=j:\program files\pinacle studio\programs\studio.exe |
"{4192DD6E-C16F-4871-846B-1C1EAB5CB9F7}" = dir=in | app=c:\program files\digital imaging\bin\hposid01.exe |
"{4C2F342D-FE93-418C-9821-9A911F7E7140}" = dir=in | app=c:\program files\digital imaging\bin\hpzwiz01.exe |
"{59303857-D966-4979-8931-76A81285694A}" = dir=in | app=c:\program files\digital imaging\bin\hpqtra08.exe |
"{60C3F095-A272-45ED-BF94-8547D5D2C8A3}" = dir=in | app=c:\program files\digital imaging\bin\hpofxm08.exe |
"{64040E7F-9C77-4CC2-94BE-123F67DB8925}" = dir=in | app=c:\program files\digital imaging\bin\hpoews01.exe |
"{6687FA66-8C08-4E85-BE9D-063FE547A455}" = dir=in | app=h:\program files\quicktime\itunes.exe |
"{867A54ED-0D67-4982-B251-EDA16ABF77D4}" = protocol=17 | dir=in | app=j:\program files\pinacle studio\programs\umi.exe |
"{88B5E35B-E4AE-472D-A0E5-0E3581016D8E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{89A6AD4B-4DB8-4E84-93C5-1A3413F2350C}" = dir=in | app=c:\program files\digital imaging\bin\hpqgplgtupl.exe |
"{8CDA6550-A7D3-468C-9247-101C37584C2F}" = dir=in | app=c:\program files\digital imaging\bin\hpqgpc01.exe |
"{9D44DC93-9BE1-45B3-903A-078008FD6035}" = protocol=6 | dir=in | app=j:\program files\pinacle studio\programs\rm.exe |
"{AC797DC1-8683-4CA3-89EF-DFCBAFB6D28B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B1FBFC8D-8B75-471C-9F83-A281AED05660}" = dir=in | app=c:\program files\digital imaging\bin\hpqkygrp.exe |
"{B3E6164B-91E4-4743-A1BC-78CA33E7EEEC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B73ED1B0-39CF-4168-ABC1-4450F671F627}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BDF00B97-054C-43FD-A03F-E82A4DE046AF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C3B3BC49-8ED3-431D-A8E5-3F65DABC19FB}" = dir=in | app=c:\program files\digital imaging\bin\hpfccopy.exe |
"{CC3B6E1E-65D0-411F-857F-1CBE6F25F81A}" = dir=in | app=c:\program files\digital imaging\bin\hpiscnapp.exe |
"{DAB3CFA0-C504-4D01-A1CD-5535A381DD09}" = dir=in | app=c:\program files\digital imaging\bin\hpqste08.exe |
"{DD636269-532F-41D0-91BD-7E4FE7CB06B8}" = dir=in | app=c:\program files\digital imaging\bin\hpofxs08.exe |
"{E5A53491-35F9-478B-8341-4EF137B82F94}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E9341518-E31D-466C-B021-3DE492A2AA9F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F36D90BE-5175-4C95-BCC8-664371633648}" = dir=in | app=c:\program files\digital imaging\bin\hposfx08.exe |
"TCP Query User{04371ED3-3B86-469D-AD6C-4970A7039972}C:\users\mogul\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\mogul\appdata\roaming\mjusbsp\magicjack.exe |
"TCP Query User{5675FA3E-71CC-4BD4-8BBB-0EB91C732426}J:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=j:\program files\limewire\limewire.exe |
"TCP Query User{759464FC-D688-4AA4-87B3-C8C092176DAC}C:\users\mogul\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\mogul\appdata\roaming\mjusbsp\magicjack.exe |
"TCP Query User{940A0569-FC2F-4A76-8E3E-D2DA63F4B5C9}H:\current files\wamp\bin\apache\apache2.2.17\bin\httpd.exe" = protocol=6 | dir=in | app=h:\current files\wamp\bin\apache\apache2.2.17\bin\httpd.exe |
"UDP Query User{2D080DA5-92A7-4BD4-886B-06E192170A16}J:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=j:\program files\limewire\limewire.exe |
"UDP Query User{4863A51B-1575-4901-AA76-E7EFE9067A80}C:\users\mogul\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\mogul\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{B3D85D7F-5A9C-4A89-A7C0-5C78D724B749}C:\users\mogul\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\mogul\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{DDE54B32-C8B2-433D-8933-DDDB08241FBD}H:\current files\wamp\bin\apache\apache2.2.17\bin\httpd.exe" = protocol=17 | dir=in | app=h:\current files\wamp\bin\apache\apache2.2.17\bin\httpd.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{72DB27D3-FE05-4227-AF5A-11CD101ECF09}" = Corel Graphics - Windows Shell Extension
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048DDE77-66D5-4335-8497-903856759B58}" = BPDSoftware
"{04DB9640-A905-456C-96F5-F1EB80FEB5C9}" = ProductContext
"{05DC79C6-4213-45D3-BE8A-50B8B7C1F0E1}" = bpd_scan_Carrier
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0890EE74-3F13-4F0C-8456-168122E9E758}" = Funtime Rhinestone
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1264AAF6-BE5D-4909-9238-2F3D2DC36808}" = OKI Print Job Accounting Client
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17190520-1717-11D5-A854-00105A80791C}" = OKI Print Job Accounting
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{214587D9-D38F-4049-8E9B-CDB0E72891D4}" = Funtime Rhinestone
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 26
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2C52D6EB-EE7E-45C4-AFB8-1242164A4A44}" = C5150n - C5200n Series GDI Driver from OKI® Printing Solutions for Windows
"{2CD352BA-1F8A-4302-B972-2529E82A5679}" = Microsoft Live Search Toolbar
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{30DFDFA8-2F6F-46DC-8529-CACE5E384755}" = WinPCSIGN Pro 2010
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4217FDB5-86AA-46FD-98F3-DEC9624CD49D}" = Funtime Rhinestone
"{47A54B4B-A4E6-4738-ADE8-75831FFBA0D2}" = C6100n from OKI® Printing Solutions PCL Printer Driver Version 2.0.2.0 for Windows Vista
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BC77661-E0BA-4306-A5E3-B33E490310C9}" = WinPCSIGN Pro 2010
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5BD0CB24-11AF-4BA8-A198-38D25257C656}" = LightScribe Template Labeler
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5EFF92ED-6DF2-4730-9E13-8BA87559C232}" = Web-Based Email Tools
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72DB27D3-FE05-4227-AF5A-11CD101ECF09}" = Corel Graphics - Windows Shell Extension
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A960351B-B5F5-4A2F-8B03-24E7C7DD3CF4}" = Funtime Rhinestone
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD14CA3D-180A-4508-B3CB-05C5CD041DA0}" = WinPCSIGN Pro 2010
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA9DAC64-C947-47BA-B411-8A1959B177CF}" = LightScribe System Software 1.14.25.1
"{DC4FADD2-ADC2-4EE8-A876-AC63BDD057FF}" = WinPCSIGN Pro 2010
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E116FF3A-5377-462A-9047-C1D911DA6311}" = HTML and XHTML Step by Step
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{ED3D79A6-B3BB-4482-B226-0B620F97258A}" = BPDSoftware_Ini
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2DA9641-E358-4C24-B932-569CB46C2E7A}" = C6100n from OKI® Printing Solutions PS Printer Driver Version PPD 1.0 for Windows Vista
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F7D6816B-0D6A-479C-A1E3-37AA86BC8271}" = Job Accounting SERVER from OKI® Printing Solutions for Windows Operating Systems
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FB98D390-54A4-4CD1-93D3-FBC96A6F07A3}" = DesignPro 5
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3D Shadow by Lokas Software" = 3D Shadow by Lokas Software
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.5.1
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{FB98D390-54A4-4CD1-93D3-FBC96A6F07A3}" = DesignPro 5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MosChip Technology" = MosChip Multi-IO Controller
"MP3 Recorder Studio_is1" = MP3 Recorder Studio 6.0
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"PIXresizer_is1" = PIXresizer
"rStones for CorelDraw_is1" = rStones for CorelDraw
"SignCut" = SignCut (remove only)
"Silent Package Run-Time Sample" = EPSON SP1400 Reference Guide
"The Rosetta Stone" = The Rosetta Stone
"WampServer 2_is1" = WampServer 2.1
"Windows Media Encoder 9" = Windows Media Encoder 9 Series

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-901875725-1277980850-963170839-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AdvTshColorSelection" = AdvancedTshirts ColorSelection
"AdvTshFashionFactory" = AdvancedTshirts FashionFactory
"AdvTshSimpleChoke" = AdvancedTshirts SimpleChoke
"AdvTshSimpleDesigner" = AdvancedTshirts SimpleDesigner
"GoToMeeting" = GoToMeeting 4.8.0.721
"magicJack" = magicJack
"Move Media Player" = Move Media Player
"workspacedesktop" = Workspace Desktop

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Merged posts. ~ OB

Edited by Orange Blossom, 06 October 2011 - 01:42 AM.



#2 veedub3

Posted 08 October 2011 - 10:32 AM

This case can be closed now. I dropped the computer off at a local shop and they cleaned it up in less than an hour. I want to thank you guys/gals for the assistance you provided. It is great to offer your services for free. You all are Rock Stars!

Thanks Again,
KaTari



