redirected searches trexer fake as FUBAR


  • This topic is locked
19 replies to this topic

#1 mjb2010

  • Members

Posted 22 November 2011 - 11:07 AM

Couldn't run dds.scr
Hung after 10 minutes

Ran GMER and received error Load Driver C:\windows\temp\uwlaypog.sys error code 0xc000010c cannot create a stable subkey under a volatile parent key

Couldn't check anything except Services, Registry and Files
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-22 10:46:36
Windows 5.1.2600 Service Pack 3
Running: 9c4b6bwk.exe; Driver: C:\WINDOWS\temp\uwlyapog.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs 1

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Mary Belot\Local Settings\Temporary Internet Files\Content.IE5\BT45LMZN\MantaRay4_5Local_cbsnews[1].htm 667 bytes
File C:\Documents and Settings\Mary Belot\Local Settings\Temporary Internet Files\Content.IE5\F1W4C8PY\MantaRay4_5Local_cbsnews[1].htm 0 bytes
File C:\Documents and Settings\Mary Belot\Local Settings\Temporary Internet Files\Content.IE5\F1W4C8PY\MantaRay4_5Local_cbsnews[2].htm 0 bytes

---- EOF - GMER 1.0.15 ----

Attached Files

  • Attached File  ark.txt   1.67KB   2 downloads




#2 nasdaq

  • Malware Response Team

Posted 27 November 2011 - 10:13 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Before I suggest any remedial tool I need more information from your system.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop. Double click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Please post the logs for my review.

#3 mjb2010

  • Topic Starter
  • Members

Posted 27 November 2011 - 11:37 AM

I tried running aswmbr and tdsskiller and neither will run. I tried in safe mode also.

#4 nasdaq

  • Malware Response Team

Posted 27 November 2011 - 02:15 PM

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin.
You only need to get one of them to run, not all of them.

rkill.exe
rkill.com
rkill.scr

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

Try to run the tools I suggested in my previous post.

#5 mjb2010

  • Topic Starter
  • Members

Posted 27 November 2011 - 05:04 PM

Ran rkill.exe... went through preparing and then got a message: cannot find c:/windows/temp/ rk server-log (not exact wording). I copied tdsskiller and aswmbr to a flash drive and tried to run them from that, but they don't run from there either.

#6 nasdaq

  • Malware Response Team

Posted 28 November 2011 - 08:56 AM

Try to run this tool and post the logs.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


#7 mjb2010

  • Topic Starter
  • Members

Posted 28 November 2011 - 12:52 PM

Yeah!! Something ran.

OTL logfile created on: 11/28/2011 12:37:31 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Mary Belot\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.08 Mb Total Physical Memory | 191.18 Mb Available Physical Memory | 38.08% Memory free
1.52 Gb Paging File | 0.61 Gb Available in Paging File | 39.94% Paging File free
Paging file location(s): C:\pagefile.sys 900 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.67 Gb Total Space | 9.51 Gb Free Space | 13.46% Space Free | Partition Type: NTFS

Computer Name: D3NDXZ61 | User Name: Mary Belot | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Mary Belot\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\WINDOWS\SYSTEM32\CSHelper.exe ()
PRC - C:\Program Files\Yahoo!\common\YMailAdvisor.exe (Yahoo! Inc.)
PRC - C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe (Amazon.com)
PRC - C:\Program Files\Adobe\Reader 9.0\Reader\LogTransport2.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\WINDOWS\SYSTEM32\UAService7.exe ()


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\Program Files\Java\jre6\bin\jp2iexp.dll ()
MOD - C:\Program Files\Java\jre6\bin\jp2native.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll ()
MOD - C:\WINDOWS\SYSTEM32\CSHelper.exe ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.4__540d4816ead86321\Intuit.Spc.Esd.Core.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Portability.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll ()
MOD - C:\Program Files\Amazon\Amazon Games & Software Downloader\utility.dll ()
MOD - C:\Program Files\Amazon\Amazon Games & Software Downloader\libexpat.dll ()
MOD - C:\WINDOWS\SYSTEM32\UAService7.exe ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (gusvc) -- File not found
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (CSHelper) -- C:\WINDOWS\SYSTEM32\CSHelper.exe ()
SRV - (Amazon Download Agent) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe (Amazon.com)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (W3SVC) -- C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe (Microsoft Corporation)
SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe (Microsoft Corporation)
SRV - (p2pgasvc) -- C:\WINDOWS\SYSTEM32\p2pgasvc.dll (Microsoft Corporation)
SRV - (ioloSystemService) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
SRV - (ioloFileInfoList) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (trioService) -- C:\Program Files\3D-Relax\Lightning Storm 3D Trial\trioService.exe ()
SRV - (UserAccess7) SecuROM User Access Service (V7) -- C:\WINDOWS\SYSTEM32\UAService7.exe ()


========== Driver Services (SafeList) ==========

DRV - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\WINDOWS\SYSTEM32\DRIVERS\dc3d.sys (Microsoft Corporation)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SBRE) -- C:\WINDOWS\SYSTEM32\DRIVERS\SBREDrv.sys (Sunbelt Software)
DRV - (PSI) -- C:\WINDOWS\SYSTEM32\DRIVERS\psi_mf.sys (Secunia)
DRV - (Tcpip6) -- C:\WINDOWS\SYSTEM32\DRIVERS\tcpip6.sys (Microsoft Corporation)
DRV - (WinDriver6) -- C:\WINDOWS\SYSTEM32\DRIVERS\windrvr6.sys (Jungo)
DRV - (RMCAST) -- C:\WINDOWS\SYSTEM32\DRIVERS\rmcast.sys (Microsoft Corporation)
DRV - (MQAC) -- C:\WINDOWS\SYSTEM32\DRIVERS\mqac.sys (Microsoft Corporation)
DRV - (LUsbFilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042Kbd.sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\WINDOWS\SYSTEM32\DRIVERS\LMouKE.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042mou.Sys (Logitech, Inc.)
DRV - (MREMPR5) -- C:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.)
DRV - (MRENDIS5) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)
DRV - (dsunidrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys (Gteko Ltd.)
DRV - (CdaD10BA) -- C:\WINDOWS\SYSTEM32\DRIVERS\CdaD10BA.SYS (Macrovision Europe Ltd)
DRV - (X4HSX32) -- C:\Program Files\Verizon Games on Demand Player\X4HSX32.sys (Exent Technologies Ltd.)
DRV - (hamachi_oem) -- C:\WINDOWS\SYSTEM32\DRIVERS\gan_adapter.sys (Applied Networking Inc.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (senfilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys (Creative Technology Ltd.)
DRV - (bvrp_pci) -- C:\WINDOWS\System32\drivers\bvrp_pci.sys ()
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Mary Belot\Application Data\Move Networks\plugins\npqmp071505000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@yverinfo.yahoo.com/YahooVersionInfoPlugin;version=1.0.0.1: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Mary Belot\Application Data\Move Networks\plugins\npqmp071505000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Mary Belot\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Mary Belot\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/06/06 07:39:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 02:00:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2007/03/10 09:04:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/04/09 06:32:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/14 13:01:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/16 11:20:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Components: C:\Program Files\Netscape\Navigator 9\components [2011/11/14 13:01:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Plugins: C:\Program Files\Netscape\Navigator 9\plugins [2011/11/16 11:20:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/06/06 07:39:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Mary Belot\Application Data\Move Networks [2010/08/10 09:46:22 | 000,000,000 | -H-D | M]

[2009/07/06 07:51:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mary Belot\Application Data\Mozilla\Extensions
[2011/11/21 19:36:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mary Belot\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/11/04 09:45:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mary Belot\Application Data\Mozilla\Firefox\Profiles\hmoltoiy.default\extensions
[2009/02/17 22:25:12 | 000,000,000 | ---D | M] (Coupon Manager) -- C:\Documents and Settings\Mary Belot\Application Data\Mozilla\Firefox\Profiles\hmoltoiy.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}
[2010/09/28 08:38:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mary Belot\Application Data\Mozilla\Firefox\Profiles\hmoltoiy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/04 09:45:52 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Mary Belot\Application Data\Mozilla\Firefox\Profiles\hmoltoiy.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/08/05 03:45:21 | 000,000,000 | ---D | M] (PriceGong) -- C:\Documents and Settings\Mary Belot\Application Data\Mozilla\Firefox\Profiles\hmoltoiy.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2010/05/24 14:15:00 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Mary Belot\Application Data\Mozilla\Firefox\Profiles\hmoltoiy.default\extensions\searchtoolbar@zugo.com
[2011/11/11 20:57:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/11 20:56:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/11/06 15:10:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/11/11 20:56:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/18 13:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 13:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/06/07 11:35:34 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2011/11/16 11:20:32 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2011/11/16 11:20:32 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2011/11/16 11:20:33 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2011/11/16 11:20:33 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2011/11/16 11:20:33 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2011/11/16 11:20:33 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2011/11/16 11:20:33 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2011/11/11 20:56:44 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2011/11/11 20:56:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/11 20:56:44 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2011/11/11 20:56:44 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2011/11/11 20:56:44 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2011/11/11 20:56:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2011/11/11 20:56:44 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Mary Belot\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Mary Belot\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Mary Belot\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Documents and Settings\Mary Belot\Local Settings\Application Data\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Mary Belot\Application Data\Move Networks\plugins\npqmp071505000010.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Mary Belot\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: Unity Player (Enabled) = C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: PriceGong = C:\Documents and Settings\Mary Belot\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.5.0_0\

O1 HOSTS File: ([2011/11/22 00:10:10 | 000,000,000 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn25\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn25\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn25\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn25\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\SYSTEM32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideShutdownScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - Reg Error: Value error. File not found
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SYSTEM32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\SYSTEM32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\SYSTEM32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: adobe.com ([get] http in Trusted sites)
O15 - HKCU\..Trusted Domains: barnesandnoble.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: cafemom.com ([games] http in Trusted sites)
O15 - HKCU\..Trusted Domains: e-rewards.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: globalepanel.com ([surveys] http in Trusted sites)
O15 - HKCU\..Trusted Domains: go.com ([abc] http in Trusted sites)
O15 - HKCU\..Trusted Domains: hpolsurveys.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: ichotelsgroup.com ([secure] https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: invokesolutions.com ([online] http in Trusted sites)
O15 - HKCU\..Trusted Domains: listenernetwork.com ([wowo] http in Trusted sites)
O15 - HKCU\..Trusted Domains: mypoints.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pizzahut.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: questionmarket.com ([survey] http in Trusted sites)
O15 - HKCU\..Trusted Domains: tracfone.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: tracfone.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: worldwinner.com ([mypoints] http in Trusted sites)
O15 - HKCU\..Trusted Domains: worldwinner.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: wrinsiders.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([us.f325.mail] http in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([us.mc01g.mail] http in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([us.mc324.mail] http in Trusted sites)
O15 - HKCU\..Trusted Domains: your2cents.com ([www] http in Trusted sites)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SYSTEM32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SYSTEM32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) -C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\SYSTEM32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SYSTEM32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\SYSTEM32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\SYSTEM32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\SYSTEM32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Mary Belot\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mary Belot\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) -C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) -C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) -C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (autocheck smrgdf C:\Documents and Settings\Mary Belot\Application Data\iolo\)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/11/28 12:34:28 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mary Belot\Desktop\OTL.exe
[2011/11/27 11:30:05 | 000,000,000 | ---D | C] -- C:\tdsskiller
[2011/11/27 11:28:41 | 001,916,416 | ---- | C] (AVAST Software) -- C:\WINDOWS\aswMBR.exe
[2011/11/27 11:25:28 | 001,916,416 | ---- | C] (AVAST Software) -- C:\aswMBR.exe
[2011/11/22 16:31:17 | 000,607,260 | R--- | C] (Swearware) -- C:\WINDOWS\dds.scr
[2011/11/22 10:24:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Belot\Desktop\gmer
[2011/11/22 09:11:11 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Mary Belot\Desktop\dds.scr
[2011/11/22 00:14:35 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/11/21 19:14:57 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mary Belot\Desktop\mbam-setup-1.51.2.1300.exe
[2011/11/21 13:19:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/21 13:19:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/21 13:19:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/21 13:19:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/21 13:15:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/20 23:28:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mary Belot\Recent
[2011/11/20 20:18:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Belot\Application Data\SUPERAntiSpyware.com
[2011/11/20 20:18:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/11/20 20:18:22 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/11/17 18:49:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/11/17 18:47:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/14 13:00:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/11/14 13:00:28 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/11/06 15:10:30 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/11/06 15:10:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/11/06 15:10:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/11/04 18:57:32 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/11/04 18:57:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Belot\Local Settings\Application Data\Conduit
[2011/11/04 13:01:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Belot\Application Data\ElevatedDiagnostics
[2011/11/04 12:59:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2011/11/04 12:58:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2011/11/04 12:43:02 | 000,328,704 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpmml115.dll
[2011/11/04 12:43:02 | 000,279,040 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpmja115.dll
[2011/11/04 12:43:02 | 000,246,784 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpmpm081.dll
[2011/11/04 12:43:02 | 000,223,232 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpmtp115.dll
[2011/11/04 12:43:02 | 000,181,248 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpmpw081.dll
[2011/11/04 12:43:02 | 000,167,480 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hppccompio.dll
[2011/11/04 12:43:02 | 000,049,252 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpmnque.dll
[2011/11/04 12:43:02 | 000,049,250 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpmnndps.dll
[2011/11/04 12:43:02 | 000,018,944 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hppmopjl.dll
[2011/11/04 12:42:59 | 000,288,256 | ---- | C] (Hewlett-Packard Corporation) -- C:\WINDOWS\System32\hpcpn115.dll
[2011/11/04 12:42:58 | 000,902,200 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpbuio32.dll
[2011/11/04 12:42:58 | 000,059,928 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\fxcompchannel.dll
[2011/11/04 12:34:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Uniblue
[2011/11/04 09:42:57 | 014,045,800 | ---- | C] (Mozilla) -- C:\Documents and Settings\Mary Belot\Desktop\Firefox Setup 7.0.1.exe
[2011/11/03 10:27:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Belot\Application Data\PriceGong
[2008/05/10 12:12:23 | 006,547,752 | ---- | C] (Lime Wire LLC) -- C:\Program Files\LimeWireWin.exe
[2007/01/30 08:35:00 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbtiesc.dll
[2007/01/30 08:22:32 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbtinpa.dll
[2007/01/30 08:17:02 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbthbn3.dll

========== Files - Modified Within 30 Days ==========

[2011/11/28 12:34:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary Belot\Desktop\OTL.exe
[2011/11/28 12:18:31 | 000,000,520 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task a40e3035-1c3d-43c5-bb5d-19e82e7289c5.job
[2011/11/28 12:07:19 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3504804066-619358486-3596765894-1007UA.job
[2011/11/28 11:59:08 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/28 11:40:32 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{DB2EB3C8-5ADC-4438-9383-4D7A94DBB0D8}.job
[2011/11/28 07:55:01 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2011/11/28 05:59:02 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/28 02:00:01 | 000,000,520 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task dbbc4589-4e09-49cb-b1bf-3e6f20d0c543.job
[2011/11/28 01:55:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2011/11/27 23:00:00 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Scan (mine).job
[2011/11/27 22:57:25 | 000,002,263 | -H-- | M] () -- C:\Documents and Settings\Mary Belot\My Documents\vba.ini
[2011/11/27 22:28:24 | 000,040,892 | ---- | M] () -- C:\Documents and Settings\Mary Belot\My Documents\Pokemon Emerald3.sgm
[2011/11/27 22:01:08 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/11/27 22:00:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/11/27 21:57:36 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/27 19:55:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2011/11/27 16:25:33 | 000,000,272 | ---- | M] () -- C:\Documents and Settings\Mary Belot\Application Data\.backup.dm
[2011/11/27 15:28:32 | 001,008,114 | ---- | M] () -- C:\Documents and Settings\Mary Belot\Desktop\rkill.scr
[2011/11/27 15:07:41 | 001,008,114 | ---- | M] () -- C:\Documents and Settings\Mary Belot\Desktop\rkill.exe
[2011/11/27 11:07:08 | 001,547,774 | ---- | M] () -- C:\Documents and Settings\Mary Belot\Desktop\tdsskiller.zip
[2011/11/27 11:06:08 | 001,916,416 | ---- | M] (AVAST Software) -- C:\WINDOWS\aswMBR.exe
[2011/11/27 11:06:08 | 001,916,416 | ---- | M] (AVAST Software) -- C:\aswMBR.exe
[2011/11/26 15:07:08 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3504804066-619358486-3596765894-1007Core.job
[2011/11/26 13:55:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2011/11/24 18:27:56 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/22 10:23:33 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Mary Belot\Desktop\gmer.zip
[2011/11/22 10:11:41 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Mary Belot\Desktop\9c4b6bwk.exe
[2011/11/22 09:11:11 | 000,607,260 | R--- | M] (Swearware) -- C:\WINDOWS\dds.scr
[2011/11/22 09:11:11 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Mary Belot\Desktop\dds.scr
[2011/11/22 07:56:52 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Mary Belot\Desktop\Defogger.exe
[2011/11/22 00:14:31 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/11/22 00:10:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2011/11/21 19:16:19 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/21 19:15:16 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mary Belot\Desktop\mbam-setup-1.51.2.1300.exe
[2011/11/20 23:17:20 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/11/20 23:17:19 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/11/20 20:18:26 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2011/11/20 18:55:57 | 000,345,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/18 22:59:05 | 000,000,304 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~dINFWuiySiIjcS
[2011/11/18 22:59:05 | 000,000,232 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~dINFWuiySiIjcSr
[2011/11/18 22:59:03 | 000,000,432 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\dINFWuiySiIjcS
[2011/11/17 18:49:20 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/11/15 06:47:30 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/11/09 04:28:26 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Mary Belot\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/11/06 14:40:37 | 000,586,014 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/11/06 14:40:37 | 000,123,968 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/11/04 12:45:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\HPMProp.INI
[2011/11/04 09:44:30 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Mary Belot\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/04 09:44:30 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/11/04 09:42:57 | 014,045,800 | ---- | M] (Mozilla) -- C:\Documents and Settings\Mary Belot\Desktop\Firefox Setup 7.0.1.exe
[2011/10/31 06:54:29 | 000,033,092 | -H-- | M] () -- C:\Documents and Settings\Mary Belot\My Documents\cc_20111031_075424.reg

========== Files Created - No Company Name ==========

[2011/11/27 22:25:50 | 000,040,892 | ---- | C] () -- C:\Documents and Settings\Mary Belot\My Documents\Pokemon Emerald3.sgm
[2011/11/27 16:25:33 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\Mary Belot\Application Data\.backup.dm
[2011/11/27 15:28:32 | 001,008,114 | ---- | C] () -- C:\Documents and Settings\Mary Belot\Desktop\rkill.scr
[2011/11/27 15:07:41 | 001,008,114 | ---- | C] () -- C:\Documents and Settings\Mary Belot\Desktop\rkill.exe
[2011/11/27 12:08:37 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/27 11:07:02 | 001,547,774 | ---- | C] () -- C:\Documents and Settings\Mary Belot\Desktop\tdsskiller.zip
[2011/11/22 10:23:30 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Mary Belot\Desktop\gmer.zip
[2011/11/22 10:11:41 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Mary Belot\Desktop\9c4b6bwk.exe
[2011/11/22 07:56:43 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Mary Belot\Desktop\Defogger.exe
[2011/11/21 19:16:19 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/21 13:19:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/21 13:19:13 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/21 13:19:13 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/21 13:19:13 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/21 13:19:13 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/20 20:18:55 | 000,000,520 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task a40e3035-1c3d-43c5-bb5d-19e82e7289c5.job
[2011/11/20 20:18:54 | 000,000,520 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task dbbc4589-4e09-49cb-b1bf-3e6f20d0c543.job
[2011/11/20 20:18:26 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2011/11/20 14:31:20 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2011/11/20 14:31:15 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2011/11/20 14:31:09 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2011/11/18 22:59:05 | 000,000,304 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~dINFWuiySiIjcS
[2011/11/18 22:59:05 | 000,000,232 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~dINFWuiySiIjcSr
[2011/11/18 22:53:44 | 000,000,432 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\dINFWuiySiIjcS
[2011/11/17 18:49:20 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/11/04 12:45:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2011/11/04 09:44:30 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/31 06:54:27 | 000,033,092 | -H-- | C] () -- C:\Documents and Settings\Mary Belot\My Documents\cc_20111031_075424.reg
[2011/08/03 10:11:25 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\statistics.dat
[2011/06/25 12:56:30 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/06/25 12:56:30 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/09/20 11:03:42 | 000,000,143 | -H-- | C] () -- C:\Documents and Settings\Mary Belot\Application Data\TAConf.conf
[2010/01/16 20:29:17 | 000,075,088 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/12/22 17:22:53 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\CSHelper.exe
[2009/08/10 18:56:31 | 000,116,839 | ---- | C] () -- C:\WINDOWS\hpqins00.dat
[2009/08/10 18:32:30 | 000,019,481 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/11 16:01:20 | 000,000,014 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2009/07/03 08:33:42 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/07/03 08:33:41 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/07/03 08:33:33 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/07/03 08:33:33 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/07/03 08:33:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/07/03 08:33:28 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/05/25 10:15:39 | 000,223,232 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2009/05/25 10:15:38 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\SQLiteWrapper.dll
[2009/03/29 18:26:33 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\run323Dls.dll
[2009/03/08 10:51:54 | 000,091,520 | ---- | C] () -- C:\WINDOWS\System32\WebIQEngineSetup.exe
[2009/02/15 19:51:11 | 047,652,177 | ---- | C] () -- C:\Program Files\thescruffs.exe
[2009/02/07 09:49:58 | 000,000,005 | ---- | C] () -- C:\WINDOWS\AXELPlayer.dat
[2009/01/09 10:38:49 | 002,243,223 | ---- | C] () -- C:\Program Files\aresregular211_installer.exe
[2008/06/01 20:54:30 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/13 11:25:52 | 009,855,192 | ---- | C] () -- C:\Program Files\Bejeweled2Setup.exe
[2008/05/13 07:10:29 | 000,000,058 | -H-- | C] () -- C:\WINDOWS\popcreg.dat
[2008/05/13 07:10:29 | 000,000,020 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2008/04/16 17:29:57 | 000,681,041 | ---- | C] () -- C:\Program Files\Minifig_Guide_2008_Update.zip
[2008/04/02 12:59:50 | 000,140,629 | ---- | C] () -- C:\WINDOWS\hpoins14.dat.temp
[2008/04/02 12:59:50 | 000,002,000 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat.temp
[2008/04/02 12:27:05 | 000,000,930 | ---- | C] () -- C:\Program Files\reset_minimal.zip
[2008/04/02 12:25:55 | 000,379,392 | ---- | C] () -- C:\Program Files\subinacl.msi
[2008/03/26 12:03:41 | 000,140,629 | ---- | C] () -- C:\WINDOWS\hpoins14.dat
[2008/03/26 12:03:41 | 000,002,000 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat
[2007/10/27 14:17:45 | 000,000,374 | -H-- | C] () -- C:\Documents and Settings\Mary Belot\Application Data\internaldb5724.dat
[2007/10/27 14:17:42 | 000,000,555 | -H-- | C] () -- C:\Documents and Settings\Mary Belot\Application Data\internaldb9169.dat
[2007/10/27 14:17:40 | 000,018,432 | -H-- | C] () -- C:\Documents and Settings\Mary Belot\Application Data\internaldb6500.dat
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/25 15:50:03 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/08/22 19:17:45 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2007/08/22 17:06:05 | 000,000,067 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2007/08/07 14:04:33 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2007/08/07 14:04:23 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2007/08/07 14:04:10 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2007/08/07 14:03:55 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2007/08/01 16:16:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\exctrlst.INI
[2007/07/28 20:04:01 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2007/07/11 23:39:26 | 000,000,478 | ---- | C] () -- C:\WINDOWS\iScreensaver.ini
[2007/05/18 09:36:37 | 000,003,973 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/05/11 18:11:56 | 000,000,538 | -H-- | C] () -- C:\Documents and Settings\Mary Belot\Application Data\internaldb8467.dat
[2007/05/11 18:11:56 | 000,000,374 | -H-- | C] () -- C:\Documents and Settings\Mary Belot\Application Data\internaldb6334.dat
[2007/05/11 18:11:52 | 000,018,432 | -H-- | C] () -- C:\Documents and Settings\Mary Belot\Application Data\internaldb41.dat
[2007/04/21 09:29:33 | 000,000,074 | ---- | C] () -- C:\WINDOWS\savers.ini
[2007/04/12 17:42:26 | 000,696,320 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2007/04/12 17:42:26 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2007/04/12 17:42:08 | 000,038,912 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
[2007/04/12 17:42:08 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\iolobtdfg.exe
[2007/04/12 17:42:07 | 000,439,656 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2007/01/18 22:15:05 | 000,204,848 | ---- | C] () -- C:\WINDOWS\System32\gswin32c.exe
[2007/01/05 07:43:15 | 000,000,097 | -H-- | C] () -- C:\Documents and Settings\Mary Belot\Application Data\SSTracePrefs.xml
[2006/11/19 21:16:51 | 000,000,097 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/11/11 00:10:50 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
[2006/09/26 17:13:48 | 000,000,026 | ---- | C] () -- C:\WINDOWS\words.INI
[2006/09/08 23:01:37 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2006/09/08 23:01:36 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2006/09/08 23:00:21 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2006/09/08 23:00:21 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2006/09/08 23:00:20 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2006/09/02 19:41:18 | 000,080,553 | ---- | C] () -- C:\WINDOWS\HPHins08.dat
[2006/09/02 19:41:18 | 000,004,011 | ---- | C] () -- C:\WINDOWS\hphmdl08.dat
[2006/08/26 17:27:29 | 000,000,040 | ---- | C] () -- C:\WINDOWS\RSoftInfo.dat
[2006/07/06 11:00:40 | 000,000,050 | ---- | C] () -- C:\WINDOWS\Winamp.ini
[2006/07/06 11:00:07 | 000,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini
[2006/06/22 12:22:48 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Mary Belot\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/20 20:10:24 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2006/06/16 15:05:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\QTWMCI32.DLL
[2006/05/02 17:38:24 | 000,072,444 | ---- | C] () -- C:\WINDOWS\SetBrowser.exe
[2006/05/02 17:38:24 | 000,000,748 | ---- | C] () -- C:\WINDOWS\SetBrowser.ini
[2006/03/30 19:02:33 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\TTSServer.dll
[2006/03/26 12:07:00 | 000,000,035 | ---- | C] () -- C:\WINDOWS\WDIRECT.INI
[2006/03/15 20:51:32 | 000,209,920 | ---- | C] () -- C:\WINDOWS\iun3401.exe
[2006/02/18 19:06:35 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2005/12/13 15:56:43 | 000,000,064 | ---- | C] () -- C:\WINDOWS\gross.ini
[2005/09/14 19:09:40 | 000,002,129 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/09/09 15:56:41 | 000,000,715 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2005/09/03 10:29:04 | 000,000,232 | ---- | C] () -- C:\WINDOWS\ATOZAP.INI
[2005/08/10 21:26:41 | 000,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/05/25 08:07:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlbtcnv4.dll
[2005/05/05 18:36:17 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\UAService7.exe
[2005/05/04 10:10:36 | 000,000,133 | -H-- | C] () -- C:\Documents and Settings\Mary Belot\Local Settings\Application Data\fusioncache.dat
[2005/05/03 15:29:44 | 000,000,952 | ---- | C] () -- C:\WINDOWS\EReg077.dat
[2005/05/03 15:24:57 | 000,000,249 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2005/04/24 16:26:39 | 000,001,228 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2005/04/08 02:31:19 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2005/04/08 02:29:05 | 000,000,735 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2005/04/03 10:15:58 | 000,270,848 | ---- | C] () -- C:\WINDOWS\unwise.exe
[2005/03/26 15:16:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BBCAuto.INI
[2005/03/22 20:52:18 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2005/03/21 19:18:34 | 000,000,057 | ---- | C] () -- C:\WINDOWS\rkeeper.ini
[2005/03/20 18:58:51 | 000,000,087 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2005/03/20 18:48:36 | 000,094,720 | ---- | C] () -- C:\WINDOWS\System32\SH30W32.DLL
[2005/03/20 13:38:46 | 000,000,576 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2005/03/20 01:39:50 | 000,001,460 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/03/19 17:04:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Setup32.INI
[2005/03/19 15:52:48 | 000,000,894 | ---- | C] () -- C:\WINDOWS\EReg515.dat
[2005/03/19 15:16:11 | 000,005,604 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2005/03/19 15:07:23 | 000,001,044 | ---- | C] () -- C:\WINDOWS\ka.ini
[2005/03/19 14:08:52 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/03/16 07:47:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/16 07:45:39 | 000,001,833 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/03/16 07:41:55 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/03/16 07:30:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/03/16 07:20:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2005/03/16 07:19:24 | 000,586,014 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2005/03/16 07:19:24 | 000,123,968 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2005/03/16 06:59:46 | 000,000,299 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 23:03:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/12 08:36:06 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/12 08:36:06 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/12 08:28:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/12 08:26:08 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/12 08:26:06 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/12 08:22:08 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/12 08:22:01 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/12 08:18:55 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/12 08:18:32 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/11 18:25:56 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/11 18:20:10 | 000,345,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 18:14:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 18:12:16 | 000,026,508 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2004/07/19 17:01:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SETPWRCG.EXE
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/18 15:10:36 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.DLL
[1999/07/05 05:00:00 | 000,075,040 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll

========== LOP Check ==========

[2009/02/08 09:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2009/11/02 21:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ascentive
[2008/08/08 20:20:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Awem
[2006/08/24 23:38:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Beta client
[2008/12/02 11:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Christmasville
[2006/04/23 18:24:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Disney Interactive
[2010/09/01 12:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2007/08/22 18:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Exetender
[2009/05/31 19:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2008/08/05 18:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Friends Games
[2005/03/19 15:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Imaginext™
[2008/04/29 17:20:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2009/02/20 21:22:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2007/05/29 15:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\minigolfVUG
[2011/10/17 10:41:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MinigolfVUG_TacoBell3
[2009/10/19 07:02:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2009/05/30 14:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mushroom Age
[2011/09/28 18:39:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/09/01 12:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2007/07/10 20:14:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2006/09/25 06:42:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2007/03/06 22:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SkillJam
[2011/11/20 19:55:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/28 18:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2007/11/02 15:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/05/04 06:47:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\W3i
[2011/01/10 18:15:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WorldWinner
[2007/08/22 19:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2009/03/12 19:03:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/22 21:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/15 08:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/07 12:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/09/20 20:20:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\.bsnes
[2011/05/28 20:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\.minecraft
[2008/10/15 22:16:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\7Wonders
[2009/07/28 12:01:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\Aisle 5 Games, Inc
[2009/05/25 10:26:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\Ascentive
[2010/12/29 12:32:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\Awem
[2011/11/04 13:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\ElevatedDiagnostics
[2007/04/04 11:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\Expedia
[2008/05/08 12:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\Flock
[2009/05/31 19:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\Flood Light Games
[2008/04/06 07:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\FrimaStudio
[2008/06/01 20:54:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\GamesCafe
[2009/01/12 13:33:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\GetRightToGo
[2008/03/03 18:43:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\GlarySoft
[2007/11/02 09:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\IE7Pro
[2008/06/13 12:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\ieSpell
[2008/03/08 10:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\Image Zone Express
[2008/01/05 17:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\iolo
[2007/07/11 23:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\iScreensaver
[2009/03/19 06:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\iWin
[2007/10/05 09:21:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\Juniper Networks
[2008/04/08 11:41:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\Keynote Systems
[2005/08/18 18:11:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\Leadertech
[2008/02/27 22:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\LEGO Company
[2008/07/24 12:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\LimeWire
[2005/03/26 14:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\MSNInstaller
[2006/07/07 19:31:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\Musicmatch
[2008/11/13 15:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\Netscape
[2009/05/18 16:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\Oberonv1002
[2008/05/07 09:19:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\Opera
[2008/06/17 15:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\PlayFirst
[2011/11/05 09:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\PriceGong
[2007/09/08 13:40:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\Printer Info Cache
[2009/08/17 07:34:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\PRODEGETOOLBAR567
[2006/09/07 21:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\Registry Booster
[2008/07/30 09:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\SaveThePuppy
[2007/03/30 20:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\SBTT
[2006/08/20 21:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\Simple Star
[2010/01/08 16:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\SmartDraw
[2009/04/23 08:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\SMOz
[2006/12/01 19:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\Snapfish
[2009/10/24 11:40:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\System Tweaker
[2009/02/15 19:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\TheScruffs
[2011/11/06 20:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\Uniblue
[2007/03/10 00:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\Viewpoint
[2009/01/07 14:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\Vista Start Menu
[2006/05/13 05:53:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\Walgreens
[2006/08/10 18:43:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\WholeSecurity
[2009/10/03 11:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\Windows Desktop Search
[2009/12/09 18:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\Windows Search
[2010/09/28 07:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\WinPatrol
[2011/11/27 23:00:00 | 000,000,466 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Scan (mine).job
[2011/11/28 07:55:01 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2011/11/26 13:55:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2011/11/27 19:55:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2011/11/28 01:55:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2011/11/28 12:18:31 | 000,000,520 | ---- | M] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task a40e3035-1c3d-43c5-bb5d-19e82e7289c5.job
[2011/11/28 02:00:01 | 000,000,520 | ---- | M] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task dbbc4589-4e09-49cb-b1bf-3e6f20d0c543.job
[2011/11/28 11:40:32 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{DB2EB3C8-5ADC-4438-9383-4D7A94DBB0D8}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:160ADF0B
@Alternate Data Stream - 206 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FBBD09
@Alternate Data Stream - 191 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF2C26D2
@Alternate Data Stream - 190 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C75E5BE
@Alternate Data Stream - 187 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1E66EE85
@Alternate Data Stream - 184 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8D8F3340
@Alternate Data Stream - 178 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B9176C0
@Alternate Data Stream - 177 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8342E7B
@Alternate Data Stream - 176 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C12E68D
@Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:981349EA
@Alternate Data Stream - 170 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5A823589
@Alternate Data Stream - 167 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94188BC6
@Alternate Data Stream - 167 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:512B5648
@Alternate Data Stream - 167 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E7393FC
@Alternate Data Stream - 167 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B79AEF3
@Alternate Data Stream - 167 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E660858
@Alternate Data Stream - 166 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81F83028
@Alternate Data Stream - 166 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7F66BF58
@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F3F95A98
@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FEA16326
@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB24555F
@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57B4E612
@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:557AD709
@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98F0614F
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D52DDC38
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:878E26F0
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A2F483A
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DF695222
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:20240A47
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:45FE2B4E
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:708561A8
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:20C69EEE
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C6798065

< End of report >

OTL Extras logfile created on: 11/28/2011 12:37:31 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Mary Belot\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.08 Mb Total Physical Memory | 191.18 Mb Available Physical Memory | 38.08% Memory free
1.52 Gb Paging File | 0.61 Gb Available in Paging File | 39.94% Paging File free
Paging file location(s): C:\pagefile.sys 900 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.67 Gb Total Space | 9.51 Gb Free Space | 13.46% Space Free | Partition Type: NTFS

Computer Name: D3NDXZ61 | User Name: Mary Belot | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\notepad.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\notepad.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\notepad.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = comfile] -- Reg Error: Key error. File not found
.hta [@ = htafile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found
.js [@ = JSFile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe %SystemRoot%\System32\Mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- NOTEPAD.EXE %1 (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- NOTEPAD.EXE %1 (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- NOTEPAD.EXE %1 (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\network diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe:*:Enabled:Network Diagnostic for Windows XP -- (Microsoft Corporation)
"C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe" = C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe:*:Enabled:Ad-Aware
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Disabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Documents and Settings\Mary Belot\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Mary Belot\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{010F7E2B-9ACA-4D31-B87C-09EC5CC8D3F1}" = TurboTax 2008 winiper
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{2222B364-0854-4265-B32E-A142DB9DC7BB}" = Intel® PRO Network Connections 11.2.1.69
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{25EF00BE-F17B-11D6-88EA-000476CD2443}" = Verizon Online
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 29
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Verizon Games on Demand Player
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{385E26E0-EAA2-012B-ADA5-000000000000}" = TurboTax 2009 winiper
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{44397CF9-315D-4535-8585-DCD2EE47B966}" = Opera 10.62
"{486CC64F-030A-4C9A-8716-87E26D28FKQ1}_is1" = King's Quest I: Quest for the Crown (4.1)
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AE43B07-C452-4EE9-B5D8-0FD1F3396D31}" = Cartoon Network
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5E06C076-E4E7-4239-A886-B3D8AC84C166}" = HP Print Diagnostic Utility
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{625BD732-ACDF-4552-BF22-98EBB413B6F3}" = McAfee Shredder
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{69A83D99-D41B-4396-BCC4-3DCB77DFFED0}" = WebIQ Technology Engine
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110194827}" = Jewel Quest
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111170320}" = 7 Wonders of the Ancient World
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111310630}" = Big Kahuna Reef 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11219217}" = Cradle of Rome
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113753713}" = Age of Emerald
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114916510}" = Can you see What I See
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115540840}" = Dr Lynch Grave Secrets
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115632457}" = The Mushroom Age
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116866250}" = Escape From Rosecliff Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116893980}" = Paradise Quest
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117605490}" = Midnight Mysteries The Edgar Allan Poe Conspiracy
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{8DFD3DDA-6127-413a-83E7-5E03F17F2275}" = PS420
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{99A17B9E-3901-400B-BCD7-2ACD8FFE328B}" = System Requirements Lab for Intel
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9CCE527D-356F-41A8-9718-77A68AC065FB}" = PlayLinc
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A2F6B63B-01BA-4D18-BBE2-31743427D8A3}" = Minigolf Space
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A6695AD7-C016-4C01-919D-C9C46917419B}" = SHReK the THiRD™ Demo
"{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help
"{A6C265BE-E2C1-483e-843D-6B4C1E912AE0}" = F4100
"{A7BE7658-4DB4-42D0-A128-C525C4A32703}" = InstallIQ Updater
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B0650E3D-FDCA-4908-B74B-0CC1731BDB93}" = Microsoft Tool Web Package : EXCTRLST.EXE
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4509BCE-7BAD-4a8c-B1AE-4D0CE7467C42}" = F4100_doccd
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BE9880CD-73A9-4EFD-83E5-4BB38D48E2BD}" = HP Smart Web Printing
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7010632-E5EE-4263-B80E-BC9D45439EB0}" = TurboTax 2010 winiper
"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D36B4583-E804-406B-9D56-F97931286C5B}" = 32 Bit HP CIO Components Installer
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext
"{E6380875-C349-4CAD-B331-FF22632D44D4}" = Big Green Help
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0
"Absolute Uninstaller_is1" = Absolute Uninstaller 2.5
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AI RoboForm" = AI RoboForm (All Users)
"Algebrator_is1" = Algebrator 4.0
"Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
"Amazon Kindle" = Amazon Kindle
"ArchFiendsChecklist1b" = ArchFiendsChecklist1b Screen Saver
"Around The World In 80 Days_is1" = Around The World In 80 Days
"ArtistScope Plugin IE4.2.0.3" = ArtistScope Plugin IE
"ArtistScope Plugin IE4.5.2.0" = ArtistScope Plugin IE
"Battletoads_is1" = Battletoads
"Bejeweled 2 Deluxe" = Bejeweled 2 Deluxe (remove only)
"Bejeweled 2 Deluxe 1.1" = Bejeweled 2 Deluxe 1.1
"BFGC" = Big Fish Games: Game Manager
"BFG-Cradle of Rome 2" = Cradle of Rome 2
"CAL" = Canon Camera Access Library
"CameraUserGuide-PSSD1200IS_IXUS95IS" = Canon PowerShot SD1200 IS_IXUS 95 IS Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CCleaner" = CCleaner
"Clifford Musical Memory Games" =
"ClueFinders® The Incredible Toy Store Adventure!™" = ClueFinders® The Incredible Toy Store Adventure!™
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Cradle of Persia" = Cradle of Persia
"Crayola3DColor" = Crayola Magic 3D Coloring Book
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Disney's Active Play, A Bug's Life" = Disney's Active Play, A Bug's Life
"dlatray.exe" =
"DnDMinis_DK_checklist" = DnDMinis_DK_checklist Screen Saver
"Dora's 3-D Pyramid Adventure" = Dora's 3-D Pyramid Adventure
"dragonEyeChecklist" = dragonEyeChecklist Screen Saver
"Driver Wizard_is1" = Driver Wizard
"Easy Uninstaller" = Easy Uninstaller
"ffdshow_is1" = ffdshow
"getPlus®_ocx" = getPlus®_ocx
"Glary Registry Repair_is1" = Glary Registry Repair 3.0
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"iCarly - iDream in Toons" = iCarly - iDream in Toons
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ieSpell" = ieSpell
"InstallShield_{A2F6B63B-01BA-4D18-BBE2-31743427D8A3}" = Minigolf Space
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"InterActual Player" = InterActual Player
"Jewel Quest 2_is1" = Jewel Quest 2
"JSMUSIC" = JumpStart Music
"KeynoteConnector" = Keynote Connector
"Kid Pix Deluxe 3" = Kid Pix Deluxe 3
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.9.5 (Full)
"Magic Ball 2 Spring Time" = Magic Ball 2 Spring Time (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Man in the Moon" = Man in the Moon
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft Interactive Training" =
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Monopoly - SpongeBob Edition" = Monopoly - SpongeBob Edition
"MONOPOLY - SpongeBob SquarePants Edition" = Monopoly - SpongeBob SquarePants Edition
"MONOPOLY HERE & NOW EDITION" = MONOPOLY HERE & NOW EDITION
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NetMeter" = Nielsen Online
"Netscape Navigator (9.0.0.6)" = Netscape Navigator (9.0.0.6)
"Nick Blockade" = Nick Blockade (remove only)
"nickarcade" = Nick Aracde Toolbar
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OE-Mail Recovery_is1" = OE-Mail Recovery 1.7
"Personal Printing Guide" = Canon Personal Printing Guide
"PHONICS" = JumpStart Phonics
"PhotoStitch" = Canon Utilities PhotoStitch
"Pixel Land Blast" = Pixel Land Blast
"PriceGong" = PriceGong 2.5.1
"Ready for Math with Pooh" = Disney's Ready for Math with Pooh
"RealArcade" = RealArcade
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Resume Templates" = Resume Templates Basic
"Secunia PSI" = Secunia PSI
"Sierra Uninstall" = Sierra On-Line Games (Remove only)
"SkillJam SecurePlayer" = Secure Game Player
"SoftwareStarterGuide-DCSD40_46" = Canon Digital Camera Solution Disk 40-46 Software Starter Guide
"SpongeBob Atlantis SquareOff" = SpongeBob Atlantis SquareOff
"SpongeBob SquarePants Diner Dash 2" = SpongeBob SquarePants Diner Dash 2
"SpongeBob SquarePants Movie 3D Game" = SpongeBob SquarePants Movie 3D Game (remove only)
"SpongeBob SquarePants Obstacle Odyssey" = SpongeBob SquarePants Obstacle Odyssey
"SpongeBob SquarePants Obstacle Odyssey 2" = SpongeBob SquarePants Obstacle Odyssey 2
"SpywareBlaster_is1" = SpywareBlaster 4.4
"The_Scruffs" = MINICLIP The Scruffs
"Timez Attack 3.27" = Timez Attack
"Timez Attack Launcher E" = Timez Attack Launcher
"TrainTown" = 3D Ultra Lionel® TrainTown
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"TurboTax Premier 2007" = TurboTax Premier 2007
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Unit Conversion Tool Evaluation Version_is1" = Unit Conversion Tool Evaluation Version 5.1
"UnityWebPlayer" = Unity Web Player
"UnixUtils for Yahoo! Widgets" = Unix Utilities for Yahoo! Widgets
"Verizon FiOS Activation_is1" = Verizon FiOS Activation
"Verizon Yahoo! Applications" = Verizon Yahoo! Applications
"Virtools3DLifePlayer" = Virtools 3D Life Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WebIQ" = WebIQ Client Software
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Yahoo! Mail Advisor" = Yahoo! Mail Advisor
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"Yahoo! Widget Engine" = Yahoo! Widgets
"ZC190SR1" = Zelda Classic 1.90SR1
"ZC2.10w" = Zelda Classic 2.10w
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Juniper_Networks_Cache_Cleaner 5.5.0" = Juniper Networks Cache Cleaner 5.5.0
"Move Media Player" = Move Media Player
"Neoteris_Host_Checker" = Juniper Networks Host Checker
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/27/2011 11:04:11 PM | Computer Name = D3NDXZ61 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/27/2011 11:13:37 PM | Computer Name = D3NDXZ61 | Source = MsiInstaller | ID = 11706
Description = Product: HPPhotosmartEssential -- Error 1706. An installation package
for the product HPPhotosmartEssential cannot be found. Try the installation again
using a valid copy of the installation package 'HPPhotosmartEssential.msi'.

Error - 11/27/2011 11:13:38 PM | Computer Name = D3NDXZ61 | Source = Application Hang | ID = 1002
Description = Hanging application VisualBoyAdvance.exe, version 1.8.0.603, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/27/2011 11:13:39 PM | Computer Name = D3NDXZ61 | Source = Application Hang | ID = 1002
Description = Hanging application VisualBoyAdvance.exe, version 1.8.0.603, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/27/2011 11:13:39 PM | Computer Name = D3NDXZ61 | Source = Application Hang | ID = 1002
Description = Hanging application VisualBoyAdvance.exe, version 1.8.0.603, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/27/2011 11:13:40 PM | Computer Name = D3NDXZ61 | Source = Application Hang | ID = 1002
Description = Hanging application VisualBoyAdvance.exe, version 1.8.0.603, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/27/2011 11:23:33 PM | Computer Name = D3NDXZ61 | Source = MsiInstaller | ID = 11706
Description = Product: HPPhotosmartEssential -- Error 1706. An installation package
for the product HPPhotosmartEssential cannot be found. Try the installation again
using a valid copy of the installation package 'HPPhotosmartEssential.msi'.

Error - 11/27/2011 11:57:28 PM | Computer Name = D3NDXZ61 | Source = MsiInstaller | ID = 11706
Description = Product: HPPhotosmartEssential -- Error 1706. An installation package
for the product HPPhotosmartEssential cannot be found. Try the installation again
using a valid copy of the installation package 'HPPhotosmartEssential.msi'.

Error - 11/28/2011 7:42:11 AM | Computer Name = D3NDXZ61 | Source = MsiInstaller | ID = 11706
Description = Product: HPPhotosmartEssential -- Error 1706. An installation package
for the product HPPhotosmartEssential cannot be found. Try the installation again
using a valid copy of the installation package 'HPPhotosmartEssential.msi'.

Error - 11/28/2011 7:44:57 AM | Computer Name = D3NDXZ61 | Source = MsiInstaller | ID = 11706
Description = Product: HPPhotosmartEssential -- Error 1706. An installation package
for the product HPPhotosmartEssential cannot be found. Try the installation again
using a valid copy of the installation package 'HPPhotosmartEssential.msi'.

[ System Events ]
Error - 11/27/2011 9:50:55 PM | Computer Name = D3NDXZ61 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/27/2011 9:51:21 PM | Computer Name = D3NDXZ61 | Source = Service Control Manager | ID = 7001
Description = The Message Queuing service depends on the Distributed Transaction
Coordinator service which failed to start because of the following error: %%1068

Error - 11/27/2011 9:51:21 PM | Computer Name = D3NDXZ61 | Source = Service Control Manager | ID = 7001
Description = The World Wide Web Publishing service depends on the IIS Admin service
which failed to start because of the following error: %%1068

Error - 11/27/2011 9:51:21 PM | Computer Name = D3NDXZ61 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm SASDIFSV SASKUTIL

Error - 11/27/2011 9:52:45 PM | Computer Name = D3NDXZ61 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/27/2011 9:53:36 PM | Computer Name = D3NDXZ61 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/27/2011 9:53:47 PM | Computer Name = D3NDXZ61 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/27/2011 10:59:35 PM | Computer Name = D3NDXZ61 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/27/2011 11:01:07 PM | Computer Name = D3NDXZ61 | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 11/27/2011 11:02:52 PM | Computer Name = D3NDXZ61 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.


< End of report >

#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,963 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:19 PM

Posted 28 November 2011 - 02:24 PM

Let's remove these items from the registry.

Run OTL - Double-click OTL.exe to start it.

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/08/05 03:45:21 | 000,000,000 | ---D | M] (PriceGong) -- C:\Documents and Settings\Mary Belot\Application Data\Mozilla\Firefox\Profiles\hmoltoiy.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
    CHR - Extension: PriceGong = C:\Documents and Settings\Mary Belot\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.5.0_0\
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: E&xport to Microsoft Excel - Reg Error: Value error. File not found
    SRV - (HidServ) -- File not found
    SRV - (gusvc) -- File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@yverinfo.yahoo.com/YahooVersionInfoPlugin;version=1.0.0.1: File not found
    O8 - Extra context menu item: E&xport to Microsoft Excel - Reg Error: Value error. File not found
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} Reg Error: Key error. (Reg Error: Key error.)
    @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:160ADF0B
    @Alternate Data Stream - 206 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FBBD09
    @Alternate Data Stream - 191 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF2C26D2
    @Alternate Data Stream - 190 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C75E5BE
    @Alternate Data Stream - 187 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1E66EE85
    @Alternate Data Stream - 184 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8D8F3340
    @Alternate Data Stream - 178 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B9176C0
    @Alternate Data Stream - 177 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8342E7B
    @Alternate Data Stream - 176 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C12E68D
    @Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:981349EA
    @Alternate Data Stream - 170 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5A823589
    @Alternate Data Stream - 167 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94188BC6
    @Alternate Data Stream - 167 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:512B5648
    @Alternate Data Stream - 167 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E7393FC
    @Alternate Data Stream - 167 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B79AEF3
    @Alternate Data Stream - 167 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E660858
    @Alternate Data Stream - 166 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81F83028
    @Alternate Data Stream - 166 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7F66BF58
    @Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F3F95A98
    @Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FEA16326
    @Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB24555F
    @Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57B4E612
    @Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:557AD709
    @Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98F0614F
    @Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D52DDC38
    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:878E26F0
    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A2F483A
    @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DF695222
    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:20240A47
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:45FE2B4E
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:708561A8
    @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:20C69EEE
    @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C6798065
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Try to run the other tools I previously asked that you execute.
Post the logs if you can.
===

If nothing runs, then execute this.

Please download MiniToolBox to Desktop and run it.

Checkmark the following box:
  • List Users, Partitions and Memory Size
Click Go and copy/paste the log (Result.txt) into your next post.

#9 mjb2010

mjb2010
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:03:19 PM

Posted 28 November 2011 - 04:22 PM

Ran the fix, rebooted, ran scan again, tried to run aswMbr.exe and Tdsskiller.exe; both failed. Loaded MiniToolBox, ran scan.
MiniToolBox by Farbar
Ran by Mary Belot (administrator) on 28-11-2011 at 16:08:17
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Memory info: ===================================

Percentage of memory in use: 87%
Total physical RAM: 502.08 MB
Available physical RAM: 64.16 MB
Total Pagefile: 1368.06 MB
Available Pagefile: 848.53 MB
Total Virtual: 2047.88 MB
Available Virtual: 1996.68 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:70.67 GB) (Free:9.7 GB) NTFS

========================= Users: ========================================

User accounts for \\D3NDXZ61

Administrator ASPNET Guest
HelpAssistant IUSR_D3NDXZ61 IWAM_D3NDXZ61
Jim Belot Mary Belot printertest
SUPPORT_388945a0 Tommy Belot


**** End of log ****
OTL logfile created on: 11/28/2011 4:09:35 PM - Run 6
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Mary Belot\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.08 Mb Total Physical Memory | 79.98 Mb Available Physical Memory | 15.93% Memory free
1.34 Gb Paging File | 0.78 Gb Available in Paging File | 58.47% Paging File free
Paging file location(s): C:\pagefile.sys 900 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.67 Gb Total Space | 9.70 Gb Free Space | 13.73% Space Free | Partition Type: NTFS

Computer Name: D3NDXZ61 | User Name: Mary Belot | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Mary Belot\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\WINDOWS\SYSTEM32\CSHelper.exe ()
PRC - C:\Program Files\Yahoo!\common\YMailAdvisor.exe (Yahoo! Inc.)
PRC - C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe (Amazon.com)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\WINDOWS\SYSTEM32\UAService7.exe ()


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll ()
MOD - C:\WINDOWS\SYSTEM32\CSHelper.exe ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.4__540d4816ead86321\Intuit.Spc.Esd.Core.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Portability.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll ()
MOD - C:\Program Files\Amazon\Amazon Games & Software Downloader\utility.dll ()
MOD - C:\Program Files\Amazon\Amazon Games & Software Downloader\libexpat.dll ()
MOD - C:\Program Files\iolo\Common\Lib\URLStopper.dll ()
MOD - C:\WINDOWS\SYSTEM32\UAService7.exe ()
MOD - C:\Program Files\HP\Digital Imaging\bin\HpqUtil.dll ()


========== Win32 Services (SafeList) ==========

SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (CSHelper) -- C:\WINDOWS\SYSTEM32\CSHelper.exe ()
SRV - (Amazon Download Agent) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe (Amazon.com)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (W3SVC) -- C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe (Microsoft Corporation)
SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe (Microsoft Corporation)
SRV - (p2pgasvc) -- C:\WINDOWS\SYSTEM32\p2pgasvc.dll (Microsoft Corporation)
SRV - (ioloSystemService) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
SRV - (ioloFileInfoList) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (trioService) -- C:\Program Files\3D-Relax\Lightning Storm 3D Trial\trioService.exe ()
SRV - (UserAccess7) SecuROM User Access Service (V7) -- C:\WINDOWS\SYSTEM32\UAService7.exe ()


========== Driver Services (SafeList) ==========

DRV - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\WINDOWS\SYSTEM32\DRIVERS\dc3d.sys (Microsoft Corporation)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SBRE) -- C:\WINDOWS\SYSTEM32\DRIVERS\SBREDrv.sys (Sunbelt Software)
DRV - (PSI) -- C:\WINDOWS\SYSTEM32\DRIVERS\psi_mf.sys (Secunia)
DRV - (Tcpip6) -- C:\WINDOWS\SYSTEM32\DRIVERS\tcpip6.sys (Microsoft Corporation)
DRV - (WinDriver6) -- C:\WINDOWS\SYSTEM32\DRIVERS\windrvr6.sys (Jungo)
DRV - (RMCAST) -- C:\WINDOWS\SYSTEM32\DRIVERS\rmcast.sys (Microsoft Corporation)
DRV - (MQAC) -- C:\WINDOWS\SYSTEM32\DRIVERS\mqac.sys (Microsoft Corporation)
DRV - (LUsbFilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042Kbd.sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\WINDOWS\SYSTEM32\DRIVERS\LMouKE.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042mou.Sys (Logitech, Inc.)
DRV - (MREMPR5) -- C:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.)
DRV - (MRENDIS5) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)
DRV - (dsunidrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys (Gteko Ltd.)
DRV - (CdaD10BA) -- C:\WINDOWS\SYSTEM32\DRIVERS\CdaD10BA.SYS (Macrovision Europe Ltd)
DRV - (X4HSX32) -- C:\Program Files\Verizon Games on Demand Player\X4HSX32.sys (Exent Technologies Ltd.)
DRV - (hamachi_oem) -- C:\WINDOWS\SYSTEM32\DRIVERS\gan_adapter.sys (Applied Networking Inc.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (senfilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys (Creative Technology Ltd.)
DRV - (bvrp_pci) -- C:\WINDOWS\System32\drivers\bvrp_pci.sys ()
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Mary Belot\Application Data\Move Networks\plugins\npqmp071505000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Mary Belot\Application Data\Move Networks\plugins\npqmp071505000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Mary Belot\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Mary Belot\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/06/06 07:39:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2007/03/10 09:04:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/14 13:01:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/16 11:20:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Components: C:\Program Files\Netscape\Navigator 9\components [2011/11/14 13:01:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Plugins: C:\Program Files\Netscape\Navigator 9\plugins [2011/11/16 11:20:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/06/06 07:39:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Mary Belot\Application Data\Move Networks [2010/08/10 09:46:22 | 000,000,000 | -H-D | M]

[2009/07/06 07:51:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mary Belot\Application Data\Mozilla\Extensions
[2011/11/28 15:46:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mary Belot\Application Data\Mozilla\Firefox\Profiles\hmoltoiy.default\extensions
[2009/02/17 22:25:12 | 000,000,000 | ---D | M] (Coupon Manager) -- C:\Documents and Settings\Mary Belot\Application Data\Mozilla\Firefox\Profiles\hmoltoiy.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}
[2010/09/28 08:38:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mary Belot\Application Data\Mozilla\Firefox\Profiles\hmoltoiy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/04 09:45:52 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Mary Belot\Application Data\Mozilla\Firefox\Profiles\hmoltoiy.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/05/24 14:15:00 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Mary Belot\Application Data\Mozilla\Firefox\Profiles\hmoltoiy.default\extensions\searchtoolbar@zugo.com
[2011/11/11 20:57:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/06 15:10:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/11/11 20:56:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/18 13:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 13:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2011/11/11 20:56:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/11 20:56:44 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Mary Belot\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Mary Belot\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Mary Belot\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Documents and Settings\Mary Belot\Local Settings\Application Data\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Mary Belot\Application Data\Move Networks\plugins\npqmp071505000010.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Mary Belot\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: Unity Player (Enabled) = C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/11/22 00:10:10 | 000,000,000 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn25\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn25\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn25\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn25\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideShutdownScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: adobe.com ([get] http in Trusted sites)
O15 - HKCU\..Trusted Domains: barnesandnoble.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: cafemom.com ([games] http in Trusted sites)
O15 - HKCU\..Trusted Domains: e-rewards.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: globalepanel.com ([surveys] http in Trusted sites)
O15 - HKCU\..Trusted Domains: go.com ([abc] http in Trusted sites)
O15 - HKCU\..Trusted Domains: hpolsurveys.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: ichotelsgroup.com ([secure] https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: invokesolutions.com ([online] http in Trusted sites)
O15 - HKCU\..Trusted Domains: listenernetwork.com ([wowo] http in Trusted sites)
O15 - HKCU\..Trusted Domains: mypoints.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pizzahut.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: questionmarket.com ([survey] http in Trusted sites)
O15 - HKCU\..Trusted Domains: tracfone.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: tracfone.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: worldwinner.com ([mypoints] http in Trusted sites)
O15 - HKCU\..Trusted Domains: worldwinner.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: wrinsiders.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([us.f325.mail] http in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([us.mc01g.mail] http in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([us.mc324.mail] http in Trusted sites)
O15 - HKCU\..Trusted Domains: your2cents.com ([www] http in Trusted sites)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 184.16.4.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F32B388-9C01-4B3A-A7BC-4697EF450105}: DhcpNameServer = 192.168.1.1 184.16.4.22
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Mary Belot\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mary Belot\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (autocheck smrgdf C:\Documents and Settings\Mary Belot\Application Data\iolo\)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/11/28 16:04:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Belot\Desktop\tdsskiller
[2011/11/28 15:46:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/28 12:34:28 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mary Belot\Desktop\OTL.exe
[2011/11/27 11:30:05 | 000,000,000 | ---D | C] -- C:\tdsskiller
[2011/11/27 11:28:41 | 001,916,416 | ---- | C] (AVAST Software) -- C:\WINDOWS\aswMBR.exe
[2011/11/27 11:25:28 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Mary Belot\Desktop\aswMBR.exe
[2011/11/22 16:31:17 | 000,607,260 | R--- | C] (Swearware) -- C:\WINDOWS\dds.scr
[2011/11/22 10:24:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Belot\Desktop\gmer
[2011/11/22 09:11:11 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Mary Belot\Desktop\dds.scr
[2011/11/22 00:14:35 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/11/21 19:14:57 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mary Belot\Desktop\mbam-setup-1.51.2.1300.exe
[2011/11/21 13:19:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/21 13:19:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/21 13:19:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/21 13:19:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/21 13:15:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/20 23:28:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mary Belot\Recent
[2011/11/20 20:18:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Belot\Application Data\SUPERAntiSpyware.com
[2011/11/20 20:18:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/11/20 20:18:22 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/11/17 18:49:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/11/17 18:47:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/14 13:00:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/11/14 13:00:28 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/11/04 18:57:32 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/11/04 18:57:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Belot\Local Settings\Application Data\Conduit
[2011/11/04 13:01:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Belot\Application Data\ElevatedDiagnostics
[2011/11/04 12:59:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2011/11/04 12:58:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2011/11/04 12:34:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Uniblue
[2011/11/03 10:27:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mary Belot\Application Data\PriceGong
[2008/05/10 12:12:23 | 006,547,752 | ---- | C] (Lime Wire LLC) -- C:\Program Files\LimeWireWin.exe
[2007/01/30 08:35:00 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbtiesc.dll
[2007/01/30 08:22:32 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbtinpa.dll
[2007/01/30 08:17:02 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbthbn3.dll

========== Files - Modified Within 30 Days ==========

[2011/11/28 16:07:02 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3504804066-619358486-3596765894-1007UA.job
[2011/11/28 16:06:52 | 000,381,631 | ---- | M] () -- C:\Documents and Settings\Mary Belot\Desktop\MiniToolBox.exe
[2011/11/28 15:59:03 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/28 15:50:14 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/11/28 15:50:13 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/28 15:49:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/11/28 15:07:07 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3504804066-619358486-3596765894-1007Core.job
[2011/11/28 13:55:01 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2011/11/28 12:34:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary Belot\Desktop\OTL.exe
[2011/11/28 12:18:31 | 000,000,520 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task a40e3035-1c3d-43c5-bb5d-19e82e7289c5.job
[2011/11/28 11:40:32 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{DB2EB3C8-5ADC-4438-9383-4D7A94DBB0D8}.job
[2011/11/28 07:55:01 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2011/11/28 02:00:01 | 000,000,520 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task dbbc4589-4e09-49cb-b1bf-3e6f20d0c543.job
[2011/11/28 01:55:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2011/11/27 23:00:00 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Scan (mine).job
[2011/11/27 22:57:25 | 000,002,263 | -H-- | M] () -- C:\Documents and Settings\Mary Belot\My Documents\vba.ini
[2011/11/27 22:28:24 | 000,040,892 | ---- | M] () -- C:\Documents and Settings\Mary Belot\My Documents\Pokemon Emerald3.sgm
[2011/11/27 21:57:36 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/27 19:55:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2011/11/27 16:25:33 | 000,000,272 | ---- | M] () -- C:\Documents and Settings\Mary Belot\Application Data\.backup.dm
[2011/11/27 15:28:32 | 001,008,114 | ---- | M] () -- C:\Documents and Settings\Mary Belot\Desktop\rkill.scr
[2011/11/27 15:07:41 | 001,008,114 | ---- | M] () -- C:\Documents and Settings\Mary Belot\Desktop\rkill.exe
[2011/11/27 11:07:08 | 001,547,774 | ---- | M] () -- C:\Documents and Settings\Mary Belot\Desktop\tdsskiller.zip
[2011/11/27 11:06:08 | 001,916,416 | ---- | M] (AVAST Software) -- C:\WINDOWS\aswMBR.exe
[2011/11/27 11:06:08 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Mary Belot\Desktop\aswMBR.exe
[2011/11/24 18:27:56 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/22 10:23:33 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Mary Belot\Desktop\gmer.zip
[2011/11/22 10:11:41 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Mary Belot\Desktop\9c4b6bwk.exe
[2011/11/22 09:11:11 | 000,607,260 | R--- | M] (Swearware) -- C:\WINDOWS\dds.scr
[2011/11/22 09:11:11 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Mary Belot\Desktop\dds.scr
[2011/11/22 07:56:52 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Mary Belot\Desktop\Defogger.exe
[2011/11/22 00:14:31 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/11/22 00:10:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2011/11/21 19:16:19 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/21 19:15:16 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mary Belot\Desktop\mbam-setup-1.51.2.1300.exe
[2011/11/20 23:17:20 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/11/20 23:17:19 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/11/20 20:18:26 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2011/11/20 18:55:57 | 000,345,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/18 22:59:05 | 000,000,304 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~dINFWuiySiIjcS
[2011/11/18 22:59:05 | 000,000,232 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~dINFWuiySiIjcSr
[2011/11/18 22:59:03 | 000,000,432 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\dINFWuiySiIjcS
[2011/11/17 18:49:20 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/11/09 04:28:26 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Mary Belot\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/11/06 14:40:37 | 000,586,014 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/11/06 14:40:37 | 000,123,968 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/11/04 12:45:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\HPMProp.INI
[2011/11/04 09:44:30 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Mary Belot\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/04 09:44:30 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/10/31 06:54:29 | 000,033,092 | -H-- | M] () -- C:\Documents and Settings\Mary Belot\My Documents\cc_20111031_075424.reg

========== Files Created - No Company Name ==========

[2011/11/28 16:06:52 | 000,381,631 | ---- | C] () -- C:\Documents and Settings\Mary Belot\Desktop\MiniToolBox.exe
[2011/11/27 22:25:50 | 000,040,892 | ---- | C] () -- C:\Documents and Settings\Mary Belot\My Documents\Pokemon Emerald3.sgm
[2011/11/27 16:25:33 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\Mary Belot\Application Data\.backup.dm
[2011/11/27 15:28:32 | 001,008,114 | ---- | C] () -- C:\Documents and Settings\Mary Belot\Desktop\rkill.scr
[2011/11/27 15:07:41 | 001,008,114 | ---- | C] () -- C:\Documents and Settings\Mary Belot\Desktop\rkill.exe
[2011/11/27 12:08:37 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/27 11:07:02 | 001,547,774 | ---- | C] () -- C:\Documents and Settings\Mary Belot\Desktop\tdsskiller.zip
[2011/11/22 10:23:30 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Mary Belot\Desktop\gmer.zip
[2011/11/22 10:11:41 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Mary Belot\Desktop\9c4b6bwk.exe
[2011/11/22 07:56:43 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Mary Belot\Desktop\Defogger.exe
[2011/11/21 19:16:19 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/21 13:19:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/21 13:19:13 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/21 13:19:13 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/21 13:19:13 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/21 13:19:13 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/20 20:18:55 | 000,000,520 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task a40e3035-1c3d-43c5-bb5d-19e82e7289c5.job
[2011/11/20 20:18:54 | 000,000,520 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task dbbc4589-4e09-49cb-b1bf-3e6f20d0c543.job
[2011/11/20 20:18:26 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2011/11/20 14:31:20 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2011/11/20 14:31:15 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2011/11/20 14:31:09 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2011/11/18 22:59:05 | 000,000,304 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~dINFWuiySiIjcS
[2011/11/18 22:59:05 | 000,000,232 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~dINFWuiySiIjcSr
[2011/11/18 22:53:44 | 000,000,432 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\dINFWuiySiIjcS
[2011/11/17 18:49:20 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/11/04 12:45:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2011/11/04 09:44:30 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/31 06:54:27 | 000,033,092 | -H-- | C] () -- C:\Documents and Settings\Mary Belot\My Documents\cc_20111031_075424.reg
[2011/08/03 10:11:25 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\statistics.dat
[2011/06/25 12:56:30 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/06/25 12:56:30 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/09/20 11:03:42 | 000,000,143 | -H-- | C] () -- C:\Documents and Settings\Mary Belot\Application Data\TAConf.conf
[2010/01/16 20:29:17 | 000,075,088 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/12/22 17:22:53 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\CSHelper.exe
[2009/08/10 18:56:31 | 000,116,839 | ---- | C] () -- C:\WINDOWS\hpqins00.dat
[2009/08/10 18:32:30 | 000,019,481 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/11 16:01:20 | 000,000,014 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2009/07/03 08:33:42 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/07/03 08:33:41 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/07/03 08:33:33 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/07/03 08:33:33 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/07/03 08:33:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/07/03 08:33:28 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/05/25 10:15:39 | 000,223,232 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2009/05/25 10:15:38 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\SQLiteWrapper.dll
[2009/03/29 18:26:33 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\run323Dls.dll
[2009/03/08 10:51:54 | 000,091,520 | ---- | C] () -- C:\WINDOWS\System32\WebIQEngineSetup.exe
[2009/02/15 19:51:11 | 047,652,177 | ---- | C] () -- C:\Program Files\thescruffs.exe
[2009/02/07 09:49:58 | 000,000,005 | ---- | C] () -- C:\WINDOWS\AXELPlayer.dat
[2009/01/09 10:38:49 | 002,243,223 | ---- | C] () -- C:\Program Files\aresregular211_installer.exe
[2008/06/01 20:54:30 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/13 11:25:52 | 009,855,192 | ---- | C] () -- C:\Program Files\Bejeweled2Setup.exe
[2008/05/13 07:10:29 | 000,000,058 | -H-- | C] () -- C:\WINDOWS\popcreg.dat
[2008/05/13 07:10:29 | 000,000,020 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2008/04/16 17:29:57 | 000,681,041 | ---- | C] () -- C:\Program Files\Minifig_Guide_2008_Update.zip
[2008/04/02 12:59:50 | 000,140,629 | ---- | C] () -- C:\WINDOWS\hpoins14.dat.temp
[2008/04/02 12:59:50 | 000,002,000 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat.temp
[2008/04/02 12:27:05 | 000,000,930 | ---- | C] () -- C:\Program Files\reset_minimal.zip
[2008/04/02 12:25:55 | 000,379,392 | ---- | C] () -- C:\Program Files\subinacl.msi
[2008/03/26 12:03:41 | 000,140,629 | ---- | C] () -- C:\WINDOWS\hpoins14.dat
[2008/03/26 12:03:41 | 000,002,000 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat
[2007/10/27 14:17:45 | 000,000,374 | -H-- | C] () -- C:\Documents and Settings\Mary Belot\Application Data\internaldb5724.dat
[2007/10/27 14:17:42 | 000,000,555 | -H-- | C] () -- C:\Documents and Settings\Mary Belot\Application Data\internaldb9169.dat
[2007/10/27 14:17:40 | 000,018,432 | -H-- | C] () -- C:\Documents and Settings\Mary Belot\Application Data\internaldb6500.dat
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/25 15:50:03 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/08/22 19:17:45 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2007/08/22 17:06:05 | 000,000,067 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2007/08/07 14:04:33 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2007/08/07 14:04:23 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2007/08/07 14:04:10 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2007/08/07 14:03:55 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2007/08/01 16:16:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\exctrlst.INI
[2007/07/28 20:04:01 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2007/07/11 23:39:26 | 000,000,478 | ---- | C] () -- C:\WINDOWS\iScreensaver.ini
[2007/05/18 09:36:37 | 000,003,973 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/05/11 18:11:56 | 000,000,538 | -H-- | C] () -- C:\Documents and Settings\Mary Belot\Application Data\internaldb8467.dat
[2007/05/11 18:11:56 | 000,000,374 | -H-- | C] () -- C:\Documents and Settings\Mary Belot\Application Data\internaldb6334.dat
[2007/05/11 18:11:52 | 000,018,432 | -H-- | C] () -- C:\Documents and Settings\Mary Belot\Application Data\internaldb41.dat
[2007/04/21 09:29:33 | 000,000,074 | ---- | C] () -- C:\WINDOWS\savers.ini
[2007/04/12 17:42:26 | 000,696,320 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2007/04/12 17:42:26 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2007/04/12 17:42:08 | 000,038,912 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
[2007/04/12 17:42:08 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\iolobtdfg.exe
[2007/04/12 17:42:07 | 000,439,656 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2007/01/18 22:15:05 | 000,204,848 | ---- | C] () -- C:\WINDOWS\System32\gswin32c.exe
[2007/01/05 07:43:15 | 000,000,097 | -H-- | C] () -- C:\Documents and Settings\Mary Belot\Application Data\SSTracePrefs.xml
[2006/11/19 21:16:51 | 000,000,097 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/11/11 00:10:50 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
[2006/09/26 17:13:48 | 000,000,026 | ---- | C] () -- C:\WINDOWS\words.INI
[2006/09/08 23:01:37 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2006/09/08 23:01:36 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2006/09/08 23:00:21 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2006/09/08 23:00:21 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2006/09/08 23:00:20 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2006/09/02 19:41:18 | 000,080,553 | ---- | C] () -- C:\WINDOWS\HPHins08.dat
[2006/09/02 19:41:18 | 000,004,011 | ---- | C] () -- C:\WINDOWS\hphmdl08.dat
[2006/08/26 17:27:29 | 000,000,040 | ---- | C] () -- C:\WINDOWS\RSoftInfo.dat
[2006/07/06 11:00:40 | 000,000,050 | ---- | C] () -- C:\WINDOWS\Winamp.ini
[2006/07/06 11:00:07 | 000,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini
[2006/06/22 12:22:48 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Mary Belot\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/20 20:10:24 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2006/06/16 15:05:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\QTWMCI32.DLL
[2006/05/02 17:38:24 | 000,072,444 | ---- | C] () -- C:\WINDOWS\SetBrowser.exe
[2006/05/02 17:38:24 | 000,000,748 | ---- | C] () -- C:\WINDOWS\SetBrowser.ini
[2006/03/30 19:02:33 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\TTSServer.dll
[2006/03/26 12:07:00 | 000,000,035 | ---- | C] () -- C:\WINDOWS\WDIRECT.INI
[2006/03/15 20:51:32 | 000,209,920 | ---- | C] () -- C:\WINDOWS\iun3401.exe
[2006/02/18 19:06:35 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2005/12/13 15:56:43 | 000,000,064 | ---- | C] () -- C:\WINDOWS\gross.ini
[2005/09/14 19:09:40 | 000,002,129 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/09/09 15:56:41 | 000,000,715 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2005/09/03 10:29:04 | 000,000,232 | ---- | C] () -- C:\WINDOWS\ATOZAP.INI
[2005/08/10 21:26:41 | 000,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/05/25 08:07:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlbtcnv4.dll
[2005/05/05 18:36:17 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\UAService7.exe
[2005/05/04 10:10:36 | 000,000,133 | -H-- | C] () -- C:\Documents and Settings\Mary Belot\Local Settings\Application Data\fusioncache.dat
[2005/05/03 15:29:44 | 000,000,952 | ---- | C] () -- C:\WINDOWS\EReg077.dat
[2005/05/03 15:24:57 | 000,000,249 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2005/04/24 16:26:39 | 000,001,228 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2005/04/08 02:31:19 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2005/04/08 02:29:05 | 000,000,735 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2005/04/03 10:15:58 | 000,270,848 | ---- | C] () -- C:\WINDOWS\unwise.exe
[2005/03/26 15:16:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BBCAuto.INI
[2005/03/22 20:52:18 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2005/03/21 19:18:34 | 000,000,057 | ---- | C] () -- C:\WINDOWS\rkeeper.ini
[2005/03/20 18:58:51 | 000,000,087 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2005/03/20 18:48:36 | 000,094,720 | ---- | C] () -- C:\WINDOWS\System32\SH30W32.DLL
[2005/03/20 13:38:46 | 000,000,576 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2005/03/20 01:39:50 | 000,001,460 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/03/19 17:04:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Setup32.INI
[2005/03/19 15:52:48 | 000,000,894 | ---- | C] () -- C:\WINDOWS\EReg515.dat
[2005/03/19 15:16:11 | 000,005,604 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2005/03/19 15:07:23 | 000,001,044 | ---- | C] () -- C:\WINDOWS\ka.ini
[2005/03/19 14:08:52 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/03/16 07:47:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/16 07:45:39 | 000,001,833 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/03/16 07:41:55 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/03/16 07:30:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/03/16 07:20:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2005/03/16 07:19:24 | 000,586,014 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2005/03/16 07:19:24 | 000,123,968 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2005/03/16 06:59:46 | 000,000,299 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 23:03:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/12 08:36:06 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/12 08:36:06 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/12 08:28:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/12 08:26:08 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/12 08:26:06 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/12 08:22:08 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/12 08:22:01 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/12 08:18:55 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/12 08:18:32 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/11 18:25:56 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/11 18:20:10 | 000,345,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 18:14:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 18:12:16 | 000,026,508 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2004/07/19 17:01:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SETPWRCG.EXE
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/18 15:10:36 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.DLL
[1999/07/05 05:00:00 | 000,075,040 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll

========== LOP Check ==========

[2009/02/08 09:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2009/11/02 21:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ascentive
[2008/08/08 20:20:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Awem
[2006/08/24 23:38:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Beta client
[2008/12/02 11:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Christmasville
[2006/04/23 18:24:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Disney Interactive
[2010/09/01 12:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2007/08/22 18:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Exetender
[2009/05/31 19:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2008/08/05 18:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Friends Games
[2005/03/19 15:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Imaginext™
[2008/04/29 17:20:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2009/02/20 21:22:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2007/05/29 15:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\minigolfVUG
[2011/10/17 10:41:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MinigolfVUG_TacoBell3
[2009/10/19 07:02:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2009/05/30 14:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mushroom Age
[2011/09/28 18:39:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/09/01 12:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2007/07/10 20:14:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2006/09/25 06:42:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2007/03/06 22:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SkillJam
[2011/11/20 19:55:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/09/28 18:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2007/11/02 15:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/05/04 06:47:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\W3i
[2011/01/10 18:15:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WorldWinner
[2007/08/22 19:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2009/03/12 19:03:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/22 21:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/15 08:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/07 12:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/09/20 20:20:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\.bsnes
[2011/05/28 20:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\.minecraft
[2008/10/15 22:16:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\7Wonders
[2009/07/28 12:01:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\Aisle 5 Games, Inc
[2009/05/25 10:26:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\Ascentive
[2010/12/29 12:32:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\Awem
[2011/11/04 13:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\ElevatedDiagnostics
[2007/04/04 11:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\Expedia
[2008/05/08 12:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\Flock
[2009/05/31 19:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\Flood Light Games
[2008/04/06 07:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\FrimaStudio
[2008/06/01 20:54:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\GamesCafe
[2009/01/12 13:33:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\GetRightToGo
[2008/03/03 18:43:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\GlarySoft
[2007/11/02 09:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\IE7Pro
[2008/06/13 12:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\ieSpell
[2008/03/08 10:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\Image Zone Express
[2008/01/05 17:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\iolo
[2007/07/11 23:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\iScreensaver
[2009/03/19 06:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\iWin
[2007/10/05 09:21:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\Juniper Networks
[2008/04/08 11:41:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\Keynote Systems
[2005/08/18 18:11:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\Leadertech
[2008/02/27 22:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\LEGO Company
[2008/07/24 12:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\LimeWire
[2005/03/26 14:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\MSNInstaller
[2006/07/07 19:31:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\Musicmatch
[2008/11/13 15:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\Netscape
[2009/05/18 16:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\Oberonv1002
[2008/05/07 09:19:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\Opera
[2008/06/17 15:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\PlayFirst
[2011/11/05 09:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\PriceGong
[2007/09/08 13:40:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\Printer Info Cache
[2009/08/17 07:34:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\PRODEGETOOLBAR567
[2006/09/07 21:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\Registry Booster
[2008/07/30 09:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\SaveThePuppy
[2007/03/30 20:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\SBTT
[2006/08/20 21:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\Simple Star
[2010/01/08 16:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\SmartDraw
[2009/04/23 08:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\SMOz
[2006/12/01 19:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\Snapfish
[2009/10/24 11:40:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\System Tweaker
[2009/02/15 19:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\TheScruffs
[2011/11/06 20:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\Uniblue
[2007/03/10 00:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\Viewpoint
[2009/01/07 14:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\Vista Start Menu
[2006/05/13 05:53:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\Walgreens
[2006/08/10 18:43:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\WholeSecurity
[2009/10/03 11:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\Windows Desktop Search
[2009/12/09 18:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\Windows Search
[2010/09/28 07:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mary Belot\Application Data\WinPatrol
[2011/11/27 23:00:00 | 000,000,466 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Scan (mine).job
[2011/11/28 07:55:01 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2011/11/28 13:55:01 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2011/11/27 19:55:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2011/11/28 01:55:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2011/11/28 12:18:31 | 000,000,520 | ---- | M] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task a40e3035-1c3d-43c5-bb5d-19e82e7289c5.job
[2011/11/28 02:00:01 | 000,000,520 | ---- | M] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task dbbc4589-4e09-49cb-b1bf-3e6f20d0c543.job
[2011/11/28 11:40:32 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{DB2EB3C8-5ADC-4438-9383-4D7A94DBB0D8}.job

========== Purity Check ==========



< End of report >

#10 nasdaq


Posted 29 November 2011 - 08:35 AM

Do the following:
Start -> Run
type diskmgmt.msc
Click "OK"

Disk Management will open.

Click and hold the right side of the Disk Management Window and drag it to the right until you can see all the columns.

Take a screenshot of the Disk Management window and attach the screenshot to your reply.

To do a print screen, follow these steps:

* Press Alt and Print Screen button on your keyboard
* Open Paint program
* From the menu choose Edit then Paste
* Now save the picture and attach it here for me to review.

If at any time you have difficulties with these instructions please let me know.

#11 mjb2010


Posted 29 November 2011 - 09:48 AM

Screenprint is 3MB and too large to attach. Please advise

#12 mjb2010


Posted 29 November 2011 - 11:13 AM

Volume | Layout | Type | File System | Status | Capacity | Free Space | % Free | Fault Tolerance | Overhead
- | Partition | Basic | FAT | Healthy EASI Config | 55MB | 48mb | 87% | No | 0%
- | Partition | Basic | FAT32 | Healthy Unknown Partition | 3.76 GB | 371 mb | 9% | No | 0%
- | Partition | Basic | - | Healthy Active | 9MB | 9mb | 100% | No | 0%
(C:) | Partition | Basic | NTFS | Healthy Boot | 70.67 GB | 9.70 gb | 13% | No | 0%

Disk 0 Basic 74.51 GB Online


#13 nasdaq


Posted 29 November 2011 - 02:21 PM

Exactly what I was looking for.

The following instructions are very important and should be followed very attentively.

If at any time you are not sure what to do please stop and ask.

Preferably from a clean computer, I need you to download:
  • gparted-live-0.10.0-3.iso (115.1 MB)
  • Windows XP Recovery Console rc.iso

Create a bootable CD, 1 for Gparted and 1 for the Windows XP Recovery Console, from the ISO images. You can use ImgBurn to do this.

Now boot off of the newly created Gparted CD.

Posted Image
You should be here...
Press ENTER

Posted Image
By default, "do not touch keymap" is highlighted. Leave this setting alone and just press ENTER.

Posted Image
Choose your language and press ENTER. English is default [33]

Posted Image
Once again, at this prompt, press ENTER

You will now be taken to the main GUI screen below
Posted Image
According to your logs, the partition that you want to delete is Unknown Partition 3.76 GB 371 mb 9% No 0%
Click the trash can icon to delete and then click Apply.

You should now be here confirming your actions:
Posted Image

Now you should be here:
Posted Image

Posted Image
Is "boot" next to your OS drive?

If "boot" is not next to your OS drive under "Flags", right-mouse click the OS drive while in Gparted and select Manage Flags

In the menu that pops up, place a checkmark in boot like the picture below:
Posted Image

Now double-click the Posted Image button.

You should receive a small pop up like this:
Posted Image
Choose reboot and then press OK.

Now reboot from the Windows XP Recovery Console CD and execute the following commands:

  • fixmbr \Device\HardDisk0
  • fixboot c:
  • exit

Once back in Windows, download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A window will open on your desktop
  • If an unknown bootcode is found you will have further options available to you. At this time, press N, then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Attach that file.
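
The "Is boot next to your OS drive?" check from the post above can also be made directly against the four partition-table entries of an MBR sector. The following is an added example, not part of the original thread and not code from GParted or MBRCheck; the sample sector is constructed (sizes loosely modelled on the Disk Management listing in post #12, type byte 0x7F is a placeholder), and treating the largest NTFS entry as the OS partition is an assumption.

```python
import struct

SECTOR = 512
TABLE_OFFSET = 446   # the partition table follows 446 bytes of boot code
ENTRY_SIZE = 16
ACTIVE = 0x80        # status byte of the partition carrying the boot flag
NTFS = 0x07
TYPE_NAMES = {0x06: "FAT16", 0x07: "NTFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)"}


def parse_mbr(sector):
    """Return the non-empty primary partition entries of one MBR sector."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for slot in range(4):
        off = TABLE_OFFSET + slot * ENTRY_SIZE
        status, _chs_first, ptype, _chs_last, lba, count = struct.unpack(
            "<B3sB3sII", sector[off:off + ENTRY_SIZE])
        if ptype == 0x00 and count == 0:
            continue  # unused slot
        parts.append({"slot": slot, "status": status, "type": ptype,
                      "lba": lba, "sectors": count})
    return parts


def audit(parts):
    """Return findings about the boot flag and the layout (empty list = clean)."""
    findings = []
    for p in parts:
        if p["status"] not in (0x00, ACTIVE):
            findings.append(f"slot {p['slot']}: invalid status byte 0x{p['status']:02X}")
    active = [p for p in parts if p["status"] == ACTIVE]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions, expected exactly 1")
    # Assumption: the OS lives on the largest NTFS partition.
    ntfs = [p for p in parts if p["type"] == NTFS]
    os_part = max(ntfs, key=lambda p: p["sectors"]) if ntfs else None
    for p in active:
        if os_part is not None and p is not os_part:
            mib = p["sectors"] * SECTOR // 2**20
            name = TYPE_NAMES.get(p["type"], f"type 0x{p['type']:02X}")
            findings.append(
                f"slot {p['slot']}: boot flag is on a {mib} MiB {name} partition, "
                f"not on the NTFS partition in slot {os_part['slot']}")
    ordered = sorted(parts, key=lambda p: p["lba"])
    for prev, nxt in zip(ordered, ordered[1:]):
        if prev["lba"] + prev["sectors"] > nxt["lba"]:
            findings.append(f"slots {prev['slot']} and {nxt['slot']} overlap")
    return findings


def sample_mbr(active_slot):
    """Build a constructed MBR sector with the boot flag on active_slot (or None)."""
    layout = [(0x06, 55), (NTFS, 72366), (0x0B, 3850), (0x7F, 9)]  # (type, MiB)
    sector = bytearray(SECTOR)
    lba = 63
    for slot, (ptype, mib) in enumerate(layout):
        count = mib * 2048  # 2048 sectors of 512 bytes per MiB
        status = ACTIVE if slot == active_slot else 0x00
        off = TABLE_OFFSET + slot * ENTRY_SIZE
        sector[off:off + ENTRY_SIZE] = struct.pack(
            "<B3sB3sII", status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba, count)
        lba += count
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    for label, slot in (("flag on small partition", 3), ("flag on NTFS", 1)):
        print(label, "->", audit(parse_mbr(sample_mbr(slot))) or "no findings")
```
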


#14 mjb2010


Posted 29 November 2011 - 05:21 PM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 194):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D1000 \WINDOWS\system32\hal.dll
0xF8A75000 \WINDOWS\system32\KDCOM.DLL
0xF8985000 \WINDOWS\system32\BOOTVID.dll
0xF8446000 ACPI.sys
0xF8A77000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF8435000 pci.sys
0xF8575000 isapnp.sys
0xF83C4000 Wdf01000.sys
0xF8585000 \WINDOWS\system32\DRIVERS\WDFLDR.SYS
0xF8B3D000 pciide.sys
0xF87F5000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF8A79000 aliide.sys
0xF8A7B000 cmdide.sys
0xF8A7D000 toside.sys
0xF8A7F000 viaide.sys
0xF8A81000 intelide.sys
0xF8595000 MountMgr.sys
0xF83A5000 ftdisk.sys
0xF8A83000 dmload.sys
0xF837F000 dmio.sys
0xF87FD000 PartMgr.sys
0xF85A5000 VolSnap.sys
0xF8989000 cpqarray.sys
0xF8367000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF834F000 atapi.sys
0xF898D000 aha154x.sys
0xF8805000 sparrow.sys
0xF85B5000 aic78xx.sys
0xF8991000 dac960nt.sys
0xF85C5000 ql10wnt.sys
0xF8995000 amsint.sys
0xF880D000 asc.sys
0xF8999000 asc3550.sys
0xF8815000 mraid35x.sys
0xF881D000 i2omp.sys
0xF899D000 ini910u.sys
0xF85D5000 ql1240.sys
0xF85E5000 aic78u2.sys
0xF8825000 symc8xx.sys
0xF882D000 sym_hi.sys
0xF8835000 sym_u3.sys
0xF883D000 ABP480N5.SYS
0xF8845000 asc3350p.sys
0xF8A85000 cd20xrnt.sys
0xF85F5000 ultra.sys
0xF884D000 dpti2o.sys
0xF8336000 adpu160m.sys
0xF8605000 ql1080.sys
0xF8615000 ql1280.sys
0xF8625000 ql12160.sys
0xF89A1000 cbidf2k.sys
0xF830A000 dac2w2k.sys
0xF8855000 hpn.sys
0xF885D000 perc2.sys
0xF8A87000 perc2hib.sys
0xF8635000 disk.sys
0xF8645000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF82EA000 fltmgr.sys
0xF82D8000 sr.sys
0xF82C3000 drvmcdb.sys
0xF8655000 PxHelp20.sys
0xF82AC000 KSecDD.sys
0xF821F000 Ntfs.sys
0xF81F2000 NDIS.sys
0xF8665000 sisagp.sys
0xF8675000 viaagp.sys
0xF8865000 sfhlp02.sys
0xF81E0000 sfdrv01.sys
0xF81C6000 Mup.sys
0xF8685000 agp440.sys
0xF8695000 alim1541.sys
0xF86A5000 amdagp.sys
0xF86B5000 agpCPQ.sys
0xF7D37000 \SystemRoot\system32\DRIVERS\tunmp.sys
0xF76A7000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7508000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF74F4000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF8945000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF74D0000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF894D000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF74A9000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xF7469000 \SystemRoot\system32\drivers\smwdm.sys
0xF7445000 \SystemRoot\system32\drivers\portcls.sys
0xF7697000 \SystemRoot\system32\drivers\drmk.sys
0xF7422000 \SystemRoot\system32\drivers\ks.sys
0xF736F000 \SystemRoot\system32\drivers\senfilt.sys
0xF735B000 \SystemRoot\system32\DRIVERS\parport.sys
0xF7687000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7D33000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF8ADF000 \SystemRoot\system32\drivers\sscdbhk5.sys
0xF7677000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7667000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF8955000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF7657000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF8AE1000 \SystemRoot\system32\DRIVERS\serscan.sys
0xF8BA7000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7647000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7D27000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF7344000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF86D5000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF86E5000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF895D000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF7333000 \SystemRoot\system32\DRIVERS\psched.sys
0xF86F5000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF8965000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF896D000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7303000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF8705000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF8975000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF897D000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF8AE3000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF72A5000 \SystemRoot\system32\DRIVERS\update.sys
0xF8A25000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF887D000 \SystemRoot\system32\DRIVERS\omci.sys
0xF8725000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF8735000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF8AE5000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF8A59000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF8AEF000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8CB3000 \SystemRoot\System32\Drivers\Null.SYS
0xF8AF1000 \SystemRoot\System32\Drivers\Beep.SYS
0xF888D000 \SystemRoot\system32\drivers\ssrtln.sys
0xAA780000 \??\C:\WINDOWS\system32\drivers\SBREdrv.sys
0xF8895000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF889D000 \SystemRoot\System32\drivers\vga.sys
0xF8AF3000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF8AF5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF88A5000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF88AD000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF8A65000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA6FD000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA6A4000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAA67C000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAA644000 \SystemRoot\system32\DRIVERS\tcpip6.sys
0xF8A6D000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xAA622000 \SystemRoot\System32\drivers\afd.sys
0xF8755000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAA600000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xF88B5000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xAA5D5000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAA565000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF8765000 \SystemRoot\System32\Drivers\Fips.SYS
0xAA53F000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF8785000 \SystemRoot\system32\drivers\ip6fw.sys
0xF8795000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF88BD000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF87A5000 \SystemRoot\system32\DRIVERS\dc3d.sys
0xF80E2000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xF88DD000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xF88E5000 \SystemRoot\system32\DRIVERS\HPZius12.sys
0xF7F0D000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF87E5000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF81B6000 \SystemRoot\system32\DRIVERS\HPZid412.sys
0xF7F01000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF7EFD000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
0xF7EF9000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF8196000 \SystemRoot\system32\DRIVERS\point32.sys
0xF7EF5000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
0xF8745000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xAA2BF000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8B0D000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF8A61000 \SystemRoot\System32\drivers\Dxapi.sys
0xF8935000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8BD1000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF042000 \SystemRoot\System32\ialmdev5.DLL
0xBF077000 \SystemRoot\System32\ialmdd5.DLL
0xBF15A000 \SystemRoot\System32\ATMFD.DLL
0xAA37F000 \SystemRoot\system32\drivers\drvnddm.sys
0xF8C9D000 \SystemRoot\system32\dla\tfsndres.sys
0xAA231000 \SystemRoot\system32\dla\tfsnifs.sys
0xF7EE9000 \SystemRoot\system32\dla\tfsnopio.sys
0xF8B11000 \SystemRoot\system32\dla\tfsnpool.sys
0xAA758000 \SystemRoot\system32\dla\tfsnboio.sys
0xAA36F000 \SystemRoot\system32\dla\tfsncofs.sys
0xF8C9E000 \SystemRoot\system32\dla\tfsndrct.sys
0xAA218000 \SystemRoot\system32\dla\tfsnudf.sys
0xAA1FF000 \SystemRoot\system32\dla\tfsnudfa.sys
0xAA277000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAA05A000 \SystemRoot\system32\drivers\wdmaud.sys
0xF87C5000 \SystemRoot\system32\drivers\sysaudio.sys
0xAA15F000 \??\C:\WINDOWS\system32\drivers\CdaD10BA.SYS
0xF8AA5000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
0xA9BEC000 \SystemRoot\system32\DRIVERS\srv.sys
0xA99A5000 \??\C:\WINDOWS\system32\drivers\mqac.sys
0xA9973000 \??\C:\WINDOWS\system32\drivers\RMCast.sys
0xAA710000 \??\C:\Program Files\Verizon Games on Demand Player\X4HSX32.Sys
0xA93BA000 \SystemRoot\System32\Drivers\HTTP.sys
0xA91AF000
0x7C900000 \WINDOWS\SYSTEM32\ntdll.dll

Processes (total 54):
0 System Idle Process
4 System
684 C:\WINDOWS\SYSTEM32\smss.exe
740 csrss.exe
764 C:\WINDOWS\SYSTEM32\winlogon.exe
808 C:\WINDOWS\SYSTEM32\services.exe
820 C:\WINDOWS\SYSTEM32\lsass.exe
1004 C:\WINDOWS\SYSTEM32\svchost.exe
1080 svchost.exe
1176 C:\WINDOWS\SYSTEM32\svchost.exe
1224 svchost.exe
1536 C:\WINDOWS\SYSTEM32\spoolsv.exe
1792 msdtc.exe
1868 C:\Program Files\SUPERAntiSpyware\SASCore.exe
1880 C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
1896 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1952 C:\Program Files\Bonjour\mDNSResponder.exe
2000 C:\WINDOWS\SYSTEM32\CSHelper.exe
236 C:\WINDOWS\SYSTEM32\svchost.exe
260 C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe
276 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
632 C:\Program Files\Java\jre6\bin\jqs.exe
668 C:\Program Files\Common Files\Motive\McciCMService.exe
1404 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
1272 C:\WINDOWS\explorer.exe
1128 sqlservr.exe
1204 C:\WINDOWS\SYSTEM32\svchost.exe
1212 C:\WINDOWS\SYSTEM32\svchost.exe
1348 C:\Program Files\Microsoft\BingBar\SeaPort.EXE
2068 sqlbrowser.exe
2108 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2184 C:\WINDOWS\SYSTEM32\svchost.exe
2224 C:\WINDOWS\SYSTEM32\UAService7.exe
2296 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2324 C:\WINDOWS\SYSTEM32\ctfmon.exe
2420 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
2504 C:\WINDOWS\SYSTEM32\mqsvc.exe
2600 C:\WINDOWS\SYSTEM32\wuauclt.exe
2672 C:\Program Files\Yahoo!\common\YMailAdvisor.exe
3136 C:\Program Files\Canon\CAL\CALMAIN.exe
3220 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
396 svchost.exe
1764 C:\Program Files\Microsoft IntelliType Pro\itype.exe
2128 alg.exe
2052 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
2200 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1360 C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
1604 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
3080 C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
1716 C:\WINDOWS\SYSTEM32\msiexec.exe
1944 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
556 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
1752 C:\Program Files\Internet Explorer\iexplore.exe
1992 C:\Documents and Settings\Mary Belot\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000012`9fd37a00

PhysicalDrive0 Model Number: ST380013AS, Rev: 8.12

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

#15 nasdaq

  • Malware Response Team

Posted 30 November 2011 - 08:19 AM

Looking good.

Can you now run the TDSSKiller.exe tool and submit the file.
Let me know what problem persists.



