Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Something strange


  • This topic is locked This topic is locked
5 replies to this topic

#1 jnord24

jnord24

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:08:05 AM

Posted 28 December 2011 - 08:33 AM

I see that many have viewed my post but none have replied. I realized my problems weren't solved because all of the subfolders on my start menu are empty. I did some research, and found my issue to be the same as the person infected with the "windows restore virus" found here http://forums.malwarebytes.org/index.php?showtopic=83625. Since I did not receive a reply, I went ahead and ran unhide and OTL initial scan as instructed; however, I have not made any "customized repairs". To save time, here is the log:

OTL logfile created on: 12/28/2011 8:36:59 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Joyce nord\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 42.01% Memory free
7.61 Gb Paging File | 5.67 Gb Available in Paging File | 74.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.61 Gb Total Space | 74.95 Gb Free Space | 26.33% Space Free | Partition Type: NTFS
Drive D: | 13.18 Gb Total Space | 2.19 Gb Free Space | 16.63% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 92.73 Mb Free Space | 93.35% Space Free | Partition Type: FAT32

Computer Name: HPPAVILLION | User Name: Joyce nord | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - File not found
PRC - C:\Users\Joyce Nord\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\rpcnet.exe (Absolute Software Corp.)
PRC - C:\Program Files (x86)\Aczen Innovations\Time-Aid\Time-Aid.exe (Aczen)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\SysWOW64\atashost.exe (Cisco WebEx LLC)
PRC - C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe (Absolute Software)
PRC - C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe (Absolute Software)
PRC - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
PRC - C:\Prey\platform\windows\cronsvc.exe (Fork Ltd.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files (x86)\Intuit\QuickBooks Pro 2010\QBDBMgrN.exe (Intuit, Inc.)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\HyperSnap 6\HprSnap6.exe (Hyperionics Technology LLC)
PRC - C:\Users\Joyce Nord\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\7fb80e48899821b64471f8e7ac2d08b7\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\018d2569cf208acbe8ad73908705f607\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (TabletServicePen) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV:64bit: - (TouchServicePen) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (rpcnet) Remote Procedure Call (RPC) -- C:\Windows\SysWOW64\rpcnet.exe (Absolute Software Corp.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (atashost) -- C:\Windows\SysWOW64\atashost.exe (Cisco WebEx LLC)
SRV - (AbsoluteNotifier) -- C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe (Absolute Software)
SRV - (CronService) -- C:\Prey\platform\windows\cronsvc.exe (Fork Ltd.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (Symantec AntiVirus) -- C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (QBCFMonitorService) -- c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (QuickBooksDB20) -- C:\Program Files (x86)\Intuit\QuickBooks Pro 2010\QBDBMgrN.exe (Intuit, Inc.)
SRV - (QBFCService) -- c:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ccSetMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel® -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (HECIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) Intel® -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (SRTSPL) -- C:\Windows\SysNative\drivers\srtspl64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (pnetmdm) -- C:\Windows\SysNative\drivers\pnetmdm64.sys (June Fabrics Technology)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111223.002\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111223.002\eng64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = plimus.com,www.plimus.com,regnow.com,www.regnow.com,

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll File not found
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/09 20:16:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/10 10:07:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/13 16:27:36 | 000,000,000 | ---D | M]

[2010/04/13 20:10:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joyce Nord\AppData\Roaming\Mozilla\Extensions
[2010/04/13 20:10:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joyce Nord\AppData\Roaming\Mozilla\Firefox\Profiles\amsvyiz8.default\extensions
[2011/12/10 08:45:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joyce Nord\AppData\Roaming\Mozilla\Firefox\Profiles\dcrxm2q2.default\extensions
[2010/04/12 23:07:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Joyce Nord\AppData\Roaming\Mozilla\Firefox\Profiles\dcrxm2q2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/12 23:07:06 | 000,000,000 | ---D | M] (Qute) -- C:\Users\Joyce Nord\AppData\Roaming\Mozilla\Firefox\Profiles\dcrxm2q2.default\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
[2010/04/12 23:07:08 | 000,000,000 | ---D | M] (Plastikfox Crystal SVG) -- C:\Users\Joyce Nord\AppData\Roaming\Mozilla\Firefox\Profiles\dcrxm2q2.default\extensions\{4674e8a2-eb7e-4822-b517-b18328b3e8e8}
[2011/12/28 08:22:55 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Users\Joyce Nord\AppData\Roaming\Mozilla\Firefox\Profiles\dcrxm2q2.default\extensions\ietab@ip.cn
[2009/06/23 08:44:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joyce Nord\AppData\Roaming\Mozilla\Firefox\Profiles\rkjglsuc.default\extensions
[2011/12/13 16:21:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/28 06:49:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2010/01/09 20:16:24 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2011/12/10 10:07:27 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/29 22:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/10 10:07:27 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========


O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Absolute Notifier] C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe (Absolute Software)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [vptray] C:\Program Files (x86)\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [googletalk] C:\Users\Joyce nord\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [Installation Diagnostics] C:\Program Files (x86)\Brother\Brmfl06d\Brinstck.exe (Brother Industries, Ltd.)
O4 - HKCU..\Run: [Time-Aid] C:\Program Files (x86)\Aczen Innovations\Time-Aid\Time-Aid.exe (Aczen)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab (Support.com Configuration Class)
O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} http://70.88.60.220/Ctl/WinWebPush.cab (WebWatch Class)
O16 - DPF: {8214B72E-B0CD-466E-A44D-1D54D926038D} http://cgtca.is-a-geek.com:85/AVC_AX_724.cab (CV781Object Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} http://10.100.100.12/DvrOcx.cab (DvrOcx Control)
O16 - DPF: {AD315309-EA00-45AE-9E8E-B6A61CE6B974} http://70.88.60.220/Ctl/MeIpCamX.cab (RecordSend Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20778828-5145-462F-88C4-A1E5E829ECC7}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\intu-help-qb3 - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks Pro 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2011/12/28 08:35:28 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Joyce nord\Desktop\OTL.exe
[2011/12/25 11:39:24 | 000,000,000 | ---D | C] -- C:\Users\Joyce nord\AppData\Roaming\Logitech
[2011/12/25 11:39:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2011/12/25 11:38:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/12/20 11:59:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2011/12/20 11:59:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011/12/14 13:08:10 | 000,000,000 | ---D | C] -- C:\Users\Joyce nord\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Talk
[2011/12/14 13:08:07 | 000,000,000 | ---D | C] -- C:\Users\Joyce nord\AppData\Roaming\Google
[2011/12/14 03:38:23 | 000,058,288 | ---- | C] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.exe
[2011/12/14 03:38:00 | 000,013,160 | ---- | C] (Absolute Software Corp.) -- C:\Windows\SysWow64\Upgrd.exe
[2011/12/13 16:22:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/12/13 16:21:57 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/12/13 16:21:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/12/13 16:21:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/12/13 14:53:18 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/13 14:52:44 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/12/13 14:52:44 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/12/13 14:52:44 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/13 14:52:44 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/12/13 14:52:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/13 14:52:44 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/13 14:52:44 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/13 14:52:43 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/12/13 14:52:43 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/12/13 14:52:43 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/13 14:52:43 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/13 14:52:43 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/12/13 14:52:43 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/12/13 14:52:43 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/12/13 14:52:43 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/12/13 14:51:57 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/13 14:51:57 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/12/13 14:27:03 | 000,000,000 | ---D | C] -- C:\Users\Joyce nord\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HyperSnap 6
[2011/12/10 09:29:44 | 000,347,920 | ---- | C] (Microsoft Corporation) -- C:\Users\Joyce nord\Desktop\MicrosoftFixit.maintenance.Run.exe
[2011/12/08 18:28:09 | 000,000,000 | ---D | C] -- C:\Users\Joyce nord\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2011/11/18 14:04:15 | 000,000,000 | ---D | C] -- C:\Users\Joyce nord\SYSTAT_12
[2011/11/18 13:59:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MYSTAT 12
[2011/11/18 13:58:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MYSTAT 12
[2011/10/21 15:43:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\Rpcnet
[2011/10/20 16:38:02 | 000,700,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2011/10/20 16:38:02 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2011/10/20 16:38:02 | 000,038,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2011/10/20 16:37:54 | 000,185,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2011/10/20 16:37:54 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2011/10/20 16:37:32 | 002,621,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2011/10/20 16:37:32 | 000,057,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2011/10/20 16:37:32 | 000,043,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2011/10/20 16:36:48 | 000,000,000 | ---D | C] -- C:\5b27bc636829f05a24462a0e
[2011/10/20 16:36:17 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2011/10/20 15:20:33 | 000,000,000 | ---D | C] -- C:\Users\Joyce nord\AppData\Local\Absolute_Software
[2011/10/20 15:20:32 | 000,000,000 | ---D | C] -- C:\Users\Joyce nord\AppData\Roaming\Absolute Software
[2011/10/20 15:18:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Absolute Software
[2011/10/20 15:18:35 | 000,000,000 | ---D | C] -- C:\Users\Joyce nord\AppData\Roaming\Absolute
[2011/10/20 15:07:43 | 000,058,288 | ---- | C] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2011/10/20 12:01:43 | 000,000,000 | ---D | C] -- C:\Users\Joyce nord\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prey
[2011/10/20 12:01:39 | 000,000,000 | ---D | C] -- C:\Prey
[2011/10/17 20:56:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bamboo Dock
[2011/10/17 20:54:55 | 000,642,928 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Pen_Touch_Tablet.dll
[2011/10/17 20:54:55 | 000,000,000 | ---D | C] -- C:\Users\Joyce nord\AppData\Roaming\WTablet
[2011/10/17 20:54:54 | 000,749,936 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Pen_Touch_Tablet.dll
[2011/10/17 20:54:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TabletPlugins
[2011/10/17 20:54:44 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bamboo
[2011/10/17 20:54:06 | 000,018,288 | ---- | C] (Wacom Technology) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys
[2011/10/17 20:53:31 | 000,012,848 | ---- | C] (Wacom Technology) -- C:\Windows\SysNative\drivers\wacommousefilter.sys
[2011/10/17 20:53:02 | 000,016,168 | ---- | C] (Wacom Technology) -- C:\Windows\SysNative\drivers\wacomvhid.sys
[2011/10/17 20:52:59 | 000,506,736 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Wintab32.dll
[2011/10/17 20:52:58 | 000,600,432 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Wintab32.dll
[2011/10/17 20:52:57 | 000,650,096 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Pen_Tablet.dll
[2011/10/17 20:52:56 | 000,756,592 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Pen_Tablet.dll
[2011/10/17 20:52:40 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet
[2011/10/17 20:47:21 | 000,000,000 | R--D | C] -- C:\Users\Joyce nord\Documents\Notes
[2011/10/17 20:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Journal
[2011/10/17 20:37:42 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
[2011/10/13 00:29:43 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011/10/13 00:29:43 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011/10/13 00:29:43 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2011/10/13 00:29:43 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011/10/13 00:29:43 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011/10/13 00:29:42 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2011/10/13 00:29:42 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
[2011/10/13 00:29:42 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
[2011/10/13 00:29:42 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2011/10/13 00:29:42 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2011/10/13 00:29:38 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/10/13 00:29:38 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2010/09/25 13:10:23 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\MSVCR80.dll
[2010/09/25 13:10:23 | 000,081,920 | ---- | C] (WIZnet Corp.) -- C:\Program Files\Common Files\WIZ1x0SR_105SR_CFG.exe
[2010/09/25 13:10:23 | 000,081,920 | ---- | C] (WIZnet Corp.) -- C:\Program Files (x86)\Common Files\WIZ1x0SR_105SR_CFG.exe
[1 C:\Users\Joyce nord\*.tmp files -> C:\Users\Joyce nord\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2011/12/28 08:35:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Joyce nord\Desktop\OTL.exe
[2011/12/28 08:34:36 | 000,000,517 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2011/12/28 08:33:38 | 000,000,029 | ---- | M] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat
[2011/12/28 08:30:43 | 000,112,907 | ---- | M] () -- C:\Users\Joyce nord\Desktop\missing items.jpg
[2011/12/28 08:02:36 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/28 08:02:36 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/28 07:53:33 | 000,017,920 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2011/12/28 07:53:31 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2011/12/28 07:53:30 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2011/12/28 07:53:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/28 07:53:13 | 3063,046,144 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/28 07:38:25 | 000,730,448 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/28 07:38:25 | 000,627,316 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/28 07:38:25 | 000,107,600 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/28 07:17:57 | 000,684,297 | ---- | M] () -- C:\Users\Joyce nord\Desktop\unhide.exe
[2011/12/28 06:51:36 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll
[2011/12/28 06:51:07 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe
[2011/12/27 14:57:13 | 000,001,119 | ---- | M] () -- C:\Users\Joyce nord\Desktop\WBFS Manager 3.0.lnk
[2011/12/27 09:39:28 | 003,550,293 | ---- | M] () -- C:\Users\Joyce nord\Desktop\VPW425_SM_1a.pdf
[2011/12/20 12:33:31 | 000,001,097 | ---- | M] () -- C:\Users\Joyce nord\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011/12/20 12:23:24 | 000,458,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/18 18:00:18 | 000,012,056 | ---- | M] () -- C:\Users\Joyce nord\Desktop\CGTCA Budget Meeting Shortcut.lnk
[2011/12/18 17:37:59 | 000,013,160 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\Upgrd.exe
[2011/12/18 17:37:55 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.exe
[2011/12/18 13:03:51 | 000,018,432 | ---- | M] () -- C:\Users\Joyce nord\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/14 09:41:11 | 000,136,117 | ---- | M] () -- C:\Users\Joyce nord\Desktop\2011_12_14 properties.jpg
[2011/12/14 09:40:55 | 000,020,884 | ---- | M] () -- C:\Users\Joyce nord\Desktop\rpcld.exe properties.jpg
[2011/12/14 09:40:23 | 000,051,420 | ---- | M] () -- C:\Users\Joyce nord\Desktop\2011_12_14 rpcnet process properties..jpg
[2011/12/13 16:45:47 | 000,163,792 | ---- | M] () -- C:\Users\Joyce nord\Desktop\more files ownt delete form syswow2jpg.jpg
[2011/12/13 16:45:35 | 000,170,918 | ---- | M] () -- C:\Users\Joyce nord\Desktop\more files wont delete from syswow64jpg.jpg
[2011/12/13 16:43:59 | 000,171,305 | ---- | M] () -- C:\Users\Joyce nord\Desktop\cannot delete syswow.jpg
[2011/12/13 14:52:01 | 000,049,594 | ---- | M] () -- C:\Users\Joyce nord\Desktop\rpcnet called.jpg
[2011/12/13 14:49:08 | 000,179,407 | ---- | M] () -- C:\Users\Joyce nord\Desktop\googleupdatetaskmachineuaactions.jpg
[2011/12/13 14:48:43 | 000,183,784 | ---- | M] () -- C:\Users\Joyce nord\Desktop\googleupdateaUActionstriggers.jpg
[2011/12/13 14:48:20 | 000,211,342 | ---- | M] () -- C:\Users\Joyce nord\Desktop\googleupdatetaskmachine.jpg
[2011/12/13 14:47:32 | 000,178,069 | ---- | M] () -- C:\Users\Joyce nord\Desktop\googleupdateactions.jpg
[2011/12/13 14:46:51 | 000,181,137 | ---- | M] () -- C:\Users\Joyce nord\Desktop\googleupdatetriggers.jpg
[2011/12/13 14:46:23 | 000,213,943 | ---- | M] () -- C:\Users\Joyce nord\Desktop\googleupdate task1.jpg
[2011/12/13 14:35:06 | 000,098,584 | ---- | M] () -- C:\Users\Joyce nord\Desktop\gupdatedownloads.jpg
[2011/12/13 14:34:16 | 000,037,129 | ---- | M] () -- C:\Users\Joyce nord\Desktop\googleupdate.exe properties.jpg
[2011/12/13 14:28:26 | 000,149,681 | ---- | M] () -- C:\Users\Joyce nord\Desktop\registryentry3.jpg
[2011/12/13 14:27:52 | 000,149,208 | ---- | M] () -- C:\Users\Joyce nord\Desktop\registry entry service 2.jpg
[2011/12/13 14:27:35 | 000,157,028 | ---- | M] () -- C:\Users\Joyce nord\Desktop\registry entry one.jpg
[2011/12/13 14:27:04 | 000,000,942 | ---- | M] () -- C:\Users\Joyce nord\Desktop\HyperSnap 6.lnk
[2011/12/10 14:47:05 | 000,000,064 | ---- | M] () -- C:\Users\Joyce nord\AppData\Roaming\Statdisk.prefs
[2011/12/10 10:10:16 | 000,002,052 | ---- | M] () -- C:\Users\Joyce nord\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/12/10 10:08:15 | 000,009,447 | ---- | M] () -- C:\Users\Joyce nord\AppData\Roaming\Comma Separated Values (Windows).EML
[2011/12/10 10:08:15 | 000,009,439 | ---- | M] () -- C:\Users\Joyce nord\AppData\Roaming\Microsoft Access 97-2003.EML
[2011/12/10 10:08:15 | 000,009,430 | ---- | M] () -- C:\Users\Joyce nord\AppData\Roaming\Microsoft Excel 97-2003.EML
[2011/12/10 10:08:15 | 000,009,330 | ---- | M] () -- C:\Users\Joyce nord\AppData\Roaming\Tab Separated Values (Windows).EML
[2011/12/10 09:29:51 | 000,347,920 | ---- | M] (Microsoft Corporation) -- C:\Users\Joyce nord\Desktop\MicrosoftFixit.maintenance.Run.exe
[2011/12/10 07:11:29 | 000,441,992 | ---- | M] () -- C:\ProgramData\TaRwjfMMKY.exe
[2011/12/06 19:34:25 | 000,004,096 | ---- | M] () -- C:\Users\Joyce nord\AppData\Local\keyfile3.drm
[2011/12/04 14:51:04 | 000,042,735 | ---- | M] () -- C:\Users\Joyce nord\Documents\2012 budgt considerations.pdf
[2011/11/28 19:37:05 | 000,056,893 | ---- | M] () -- C:\Users\Joyce nord\Documents\MTH-180-81 Week 13 discussion.pdf
[2011/11/28 16:12:04 | 000,382,805 | ---- | M] () -- C:\Users\Joyce nord\Documents\wk13 sec 9.3 problems worked out2.pdf
[2011/11/11 01:41:43 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/11/11 00:50:44 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/11/10 13:57:45 | 000,117,789 | ---- | M] () -- C:\Users\Joyce nord\Documents\Document2.pdf
[2011/11/05 00:26:28 | 000,134,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/11/05 00:23:43 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/11/05 00:23:41 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/11/05 00:23:10 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/11/05 00:22:40 | 000,256,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/11/05 00:19:56 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/11/04 23:35:47 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/11/04 23:34:40 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/11/04 23:34:15 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/11/04 23:34:00 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/11/04 23:32:00 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/11/04 23:07:32 | 000,482,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/11/04 22:28:41 | 000,386,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/11/02 14:21:09 | 000,072,858 | ---- | M] () -- C:\Users\Joyce nord\Documents\Intuit.pdf
[2011/10/31 19:44:22 | 000,783,292 | ---- | M] () -- C:\Users\Joyce nord\Documents\Week 2 Discussion Forum.pdf
[2011/10/27 11:00:19 | 000,104,421 | ---- | M] () -- C:\Users\Joyce nord\Documents\chicken egg problem.pdf
[2011/10/26 00:19:07 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/10/25 15:40:21 | 000,078,652 | ---- | M] () -- C:\Users\Joyce nord\Documents\problems worked out.pdf
[2011/10/25 13:58:27 | 000,055,631 | ---- | M] () -- C:\Users\Joyce nord\Documents\Document5.pdf
[2011/10/20 16:36:18 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011/10/20 14:44:06 | 000,258,048 | ---- | M] () -- C:\Windows\SysWow64\gdt.cpl
[2011/10/18 13:08:41 | 000,139,884 | ---- | M] () -- C:\Users\Joyce nord\Documents\MTH-180-81 Week 8 discussion.pdf
[2011/10/17 16:58:33 | 000,087,563 | ---- | M] () -- C:\Users\Joyce nord\Documents\ACDSee ProPrint Job.pdf
[2011/10/17 08:37:22 | 000,838,223 | ---- | M] () -- C:\Users\Joyce nord\Documents\PAIR RXP & 2007 SUPERCHARGED 215 SEADOO RXT.pdf
[2011/10/15 13:11:47 | 000,086,780 | ---- | M] () -- C:\Users\Joyce nord\Documents\Anthropometry and Ergonomics in Airline Seating.pdf
[2011/10/15 01:25:12 | 000,723,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/10/15 00:48:52 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/10/13 14:12:01 | 000,127,963 | ---- | M] () -- C:\Users\Joyce nord\Documents\Amazon.pdf
[2011/10/13 06:52:29 | 000,108,389 | ---- | M] () -- C:\Users\Joyce nord\Documents\MTH-180-81 Week 7 discussion.pdf
[2011/10/03 05:06:16 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/10/03 05:06:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/10/03 05:06:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/10/03 05:06:03 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/09/29 23:19:15 | 573,828,004 | ---- | M] () -- C:\Windows\MEMORY.DMP
[1 C:\Users\Joyce nord\*.tmp files -> C:\Users\Joyce nord\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/28 08:30:42 | 000,112,907 | ---- | C] () -- C:\Users\Joyce nord\Desktop\missing items.jpg
[2011/12/28 07:17:55 | 000,684,297 | ---- | C] () -- C:\Users\Joyce nord\Desktop\unhide.exe
[2011/12/27 09:39:27 | 003,550,293 | ---- | C] () -- C:\Users\Joyce nord\Desktop\VPW425_SM_1a.pdf
[2011/12/18 18:00:18 | 000,012,056 | ---- | C] () -- C:\Users\Joyce nord\Desktop\CGTCA Budget Meeting Shortcut.lnk
[2011/12/14 09:41:11 | 000,136,117 | ---- | C] () -- C:\Users\Joyce nord\Desktop\2011_12_14 properties.jpg
[2011/12/14 09:40:55 | 000,020,884 | ---- | C] () -- C:\Users\Joyce nord\Desktop\rpcld.exe properties.jpg
[2011/12/14 09:40:22 | 000,051,420 | ---- | C] () -- C:\Users\Joyce nord\Desktop\2011_12_14 rpcnet process properties..jpg
[2011/12/14 03:21:05 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2011/12/13 16:45:47 | 000,163,792 | ---- | C] () -- C:\Users\Joyce nord\Desktop\more files ownt delete form syswow2jpg.jpg
[2011/12/13 16:45:35 | 000,170,918 | ---- | C] () -- C:\Users\Joyce nord\Desktop\more files wont delete from syswow64jpg.jpg
[2011/12/13 16:43:58 | 000,171,305 | ---- | C] () -- C:\Users\Joyce nord\Desktop\cannot delete syswow.jpg
[2011/12/13 14:52:01 | 000,049,594 | ---- | C] () -- C:\Users\Joyce nord\Desktop\rpcnet called.jpg
[2011/12/13 14:49:07 | 000,179,407 | ---- | C] () -- C:\Users\Joyce nord\Desktop\googleupdatetaskmachineuaactions.jpg
[2011/12/13 14:48:43 | 000,183,784 | ---- | C] () -- C:\Users\Joyce nord\Desktop\googleupdateaUActionstriggers.jpg
[2011/12/13 14:48:19 | 000,211,342 | ---- | C] () -- C:\Users\Joyce nord\Desktop\googleupdatetaskmachine.jpg
[2011/12/13 14:47:31 | 000,178,069 | ---- | C] () -- C:\Users\Joyce nord\Desktop\googleupdateactions.jpg
[2011/12/13 14:46:51 | 000,181,137 | ---- | C] () -- C:\Users\Joyce nord\Desktop\googleupdatetriggers.jpg
[2011/12/13 14:46:18 | 000,213,943 | ---- | C] () -- C:\Users\Joyce nord\Desktop\googleupdate task1.jpg
[2011/12/13 14:35:06 | 000,098,584 | ---- | C] () -- C:\Users\Joyce nord\Desktop\gupdatedownloads.jpg
[2011/12/13 14:34:16 | 000,037,129 | ---- | C] () -- C:\Users\Joyce nord\Desktop\googleupdate.exe properties.jpg
[2011/12/13 14:28:26 | 000,149,681 | ---- | C] () -- C:\Users\Joyce nord\Desktop\registryentry3.jpg
[2011/12/13 14:27:52 | 000,149,208 | ---- | C] () -- C:\Users\Joyce nord\Desktop\registry entry service 2.jpg
[2011/12/13 14:27:34 | 000,157,028 | ---- | C] () -- C:\Users\Joyce nord\Desktop\registry entry one.jpg
[2011/12/13 14:27:04 | 000,000,942 | ---- | C] () -- C:\Users\Joyce nord\Desktop\HyperSnap 6.lnk
[2011/12/10 08:52:48 | 000,113,256 | ---- | C] () -- C:\Users\Joyce nord\Desktop\compmgmt.msc
[2011/12/10 07:14:29 | 000,441,992 | ---- | C] () -- C:\ProgramData\TaRwjfMMKY.exe
[2011/12/04 14:51:04 | 000,042,735 | ---- | C] () -- C:\Users\Joyce nord\Documents\2012 budgt considerations.pdf
[2011/11/28 19:37:05 | 000,056,893 | ---- | C] () -- C:\Users\Joyce nord\Documents\MTH-180-81 Week 13 discussion.pdf
[2011/11/28 16:12:04 | 000,382,805 | ---- | C] () -- C:\Users\Joyce nord\Documents\wk13 sec 9.3 problems worked out2.pdf
[2011/11/10 13:57:45 | 000,117,789 | ---- | C] () -- C:\Users\Joyce nord\Documents\Document2.pdf
[2011/11/02 14:21:09 | 000,072,858 | ---- | C] () -- C:\Users\Joyce nord\Documents\Intuit.pdf
[2011/10/31 19:44:22 | 000,783,292 | ---- | C] () -- C:\Users\Joyce nord\Documents\Week 2 Discussion Forum.pdf
[2011/10/27 11:00:19 | 000,104,421 | ---- | C] () -- C:\Users\Joyce nord\Documents\chicken egg problem.pdf
[2011/10/26 10:22:08 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe
[2011/10/26 10:22:08 | 000,017,920 | ---- | C] () -- C:\Windows\SysNative\rpcnetp.exe
[2011/10/25 15:40:21 | 000,078,652 | ---- | C] () -- C:\Users\Joyce nord\Documents\problems worked out.pdf
[2011/10/25 13:58:27 | 000,055,631 | ---- | C] () -- C:\Users\Joyce nord\Documents\Document5.pdf
[2011/10/20 14:45:46 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\gdt.cpl
[2011/10/20 12:02:52 | 000,000,029 | ---- | C] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat
[2011/10/18 13:08:41 | 000,139,884 | ---- | C] () -- C:\Users\Joyce nord\Documents\MTH-180-81 Week 8 discussion.pdf
[2011/10/17 20:52:45 | 000,000,488 | ---- | C] () -- C:\Windows\SysNative\PenTouchTabletUserDefaults.xml
[2011/10/17 20:52:45 | 000,000,488 | ---- | C] () -- C:\Windows\SysNative\PenTabletUserDefaults.xml
[2011/10/17 16:58:33 | 000,087,563 | ---- | C] () -- C:\Users\Joyce nord\Documents\ACDSee ProPrint Job.pdf
[2011/10/17 08:37:22 | 000,838,223 | ---- | C] () -- C:\Users\Joyce nord\Documents\PAIR RXP & 2007 SUPERCHARGED 215 SEADOO RXT.pdf
[2011/10/15 13:11:47 | 000,086,780 | ---- | C] () -- C:\Users\Joyce nord\Documents\Anthropometry and Ergonomics in Airline Seating.pdf
[2011/10/13 14:12:01 | 000,127,963 | ---- | C] () -- C:\Users\Joyce nord\Documents\Amazon.pdf
[2011/10/13 06:52:29 | 000,108,389 | ---- | C] () -- C:\Users\Joyce nord\Documents\MTH-180-81 Week 7 discussion.pdf
[2011/08/17 10:48:44 | 000,000,064 | ---- | C] () -- C:\Users\Joyce nord\AppData\Roaming\Statdisk.prefs
[2011/06/02 19:34:08 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/11 11:30:42 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/03/11 11:30:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/03/11 11:30:42 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/03/11 11:30:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/03/11 11:30:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/03/10 10:54:51 | 000,118,784 | RHS- | C] () -- C:\Windows\SysWow64\KBDINMALQ.dll
[2011/02/19 13:26:17 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011/02/11 11:30:11 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/02/03 15:29:15 | 000,000,517 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/02/03 15:29:15 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\bd9440cn.dat
[2011/02/03 15:29:15 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011/02/03 15:28:09 | 000,001,220 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/02/03 15:28:09 | 000,000,165 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/02/03 15:25:51 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2011/02/03 15:25:51 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2011/02/03 15:25:48 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/02/03 15:25:35 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2011/01/18 18:11:09 | 000,009,430 | ---- | C] () -- C:\Users\Joyce nord\AppData\Roaming\Microsoft Excel 97-2003.EML
[2011/01/18 18:08:31 | 000,009,330 | ---- | C] () -- C:\Users\Joyce nord\AppData\Roaming\Tab Separated Values (Windows).EML
[2011/01/18 18:07:15 | 000,009,447 | ---- | C] () -- C:\Users\Joyce nord\AppData\Roaming\Comma Separated Values (Windows).EML
[2011/01/18 18:00:35 | 000,009,439 | ---- | C] () -- C:\Users\Joyce nord\AppData\Roaming\Microsoft Access 97-2003.EML
[2010/11/12 17:38:56 | 000,004,096 | ---- | C] () -- C:\Users\Joyce nord\AppData\Local\keyfile3.drm
[2010/08/22 08:44:11 | 000,000,120 | ---- | C] () -- C:\Users\Joyce nord\AppData\Local\Wremuy.dat
[2010/08/22 08:44:11 | 000,000,000 | ---- | C] () -- C:\Users\Joyce nord\AppData\Local\Fyayuv.bin
[2010/05/23 20:32:02 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe
[2010/05/12 14:11:57 | 000,018,432 | ---- | C] () -- C:\Users\Joyce nord\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/04 18:45:29 | 000,000,092 | ---- | C] () -- C:\ProgramData\IpAndPort.fig
[2010/04/28 21:36:48 | 000,000,188 | ---- | C] () -- C:\ProgramData\RmUserCfg.ini
[2010/04/28 21:36:17 | 000,229,442 | ---- | C] () -- C:\Windows\SysWow64\winpubf.dll
[2010/04/28 21:36:17 | 000,196,608 | ---- | C] () -- C:\Windows\SysWow64\nvrfs.dll
[2010/04/28 21:36:17 | 000,074,240 | ---- | C] () -- C:\Windows\SysWow64\CovH264ToAvi.dll
[2010/04/15 16:14:32 | 000,221,186 | ---- | C] () -- C:\Windows\hpoins19.dat.temp
[2010/04/15 16:14:32 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
[2010/04/13 14:17:19 | 000,007,605 | ---- | C] () -- C:\Users\Joyce nord\AppData\Local\Resmon.ResmonCfg
[2010/04/13 13:34:23 | 000,221,216 | ---- | C] () -- C:\Windows\hpoins19.dat
[2010/04/13 13:34:23 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2010/04/13 10:04:22 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/04/12 13:37:42 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxRUS.dll
[2010/04/12 13:37:02 | 000,209,408 | ---- | C] () -- C:\Windows\SysWow64\DvrOcxCHS.dll
[2010/03/13 13:46:04 | 000,671,839 | ---- | C] () -- C:\Windows\SysWow64\RM_DVRNET_DLL.dll
[2010/01/16 04:26:33 | 000,000,283 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/01/16 04:26:33 | 000,000,224 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2009/10/08 11:34:52 | 000,874,032 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2009/10/08 11:34:52 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2009/10/08 11:34:52 | 000,049,712 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2009/10/08 10:36:18 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2009/10/08 10:36:18 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/08/06 09:52:38 | 000,909,312 | ---- | C] () -- C:\Windows\SysWow64\AVC_AX_724_H264.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:27:10 | 000,427,008 | ---- | C] () -- C:\Windows\regedit.exe
[2009/07/13 16:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/02/12 19:01:58 | 000,976,384 | ---- | C] () -- C:\Windows\SysWow64\libxml2.dll
[2005/08/06 15:15:16 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll

========== LOP Check ==========

[2010/04/13 13:27:28 | 000,000,000 | ---D | M] -- C:\Users\Joyce nord\AppData\Roaming\4Team
[2011/12/28 06:49:26 | 000,000,000 | ---D | M] -- C:\Users\Joyce nord\AppData\Roaming\Absolute
[2011/12/28 06:49:26 | 000,000,000 | ---D | M] -- C:\Users\Joyce nord\AppData\Roaming\Absolute Software
[2010/05/12 14:05:23 | 000,000,000 | ---D | M] -- C:\Users\Joyce nord\AppData\Roaming\ACD Systems
[2010/09/08 12:38:27 | 000,000,000 | ---D | M] -- C:\Users\Joyce nord\AppData\Roaming\Aczen Innovations Inc
[2010/12/10 00:37:15 | 000,000,000 | ---D | M] -- C:\Users\Joyce nord\AppData\Roaming\Blackberry Desktop
[2010/12/11 22:30:05 | 000,000,000 | ---D | M] -- C:\Users\Joyce nord\AppData\Roaming\DS Development
[2011/05/24 12:40:19 | 000,000,000 | ---D | M] -- C:\Users\Joyce nord\AppData\Roaming\PC-FAX TX
[2010/12/10 00:35:10 | 000,000,000 | ---D | M] -- C:\Users\Joyce nord\AppData\Roaming\Research In Motion
[2011/02/19 13:53:56 | 000,000,000 | ---D | M] -- C:\Users\Joyce nord\AppData\Roaming\Smart PDF Creator
[2010/06/07 10:24:24 | 000,000,000 | ---D | M] -- C:\Users\Joyce nord\AppData\Roaming\SugarCRM
[2010/08/28 12:39:51 | 000,000,000 | ---D | M] -- C:\Users\Joyce nord\AppData\Roaming\TechWizard
[2011/09/27 22:38:32 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LVF5VCPF2VV4KLSV7TCUKD6YAT1X0WM1RE8RJETLPFCVBRJNB9CKPLG4K1UHGL3KTVXJVDJF4VL4TM
@Alternate Data Stream - 56276 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LVF5V6PF2VB4KLSV7TCUKD6YAT1X0WM1RE8RJET1NV6PBAFGV42EVNVLTVU5L6JA5
@Alternate Data Stream - 143 bytes -> C:\Users\Joyce nord\AppData\Roaming\Tab Separated Values (Windows).EML:OECustomProperty
@Alternate Data Stream - 143 bytes -> C:\Users\Joyce nord\AppData\Roaming\Microsoft Excel 97-2003.EML:OECustomProperty
@Alternate Data Stream - 143 bytes -> C:\Users\Joyce nord\AppData\Roaming\Microsoft Access 97-2003.EML:OECustomProperty
@Alternate Data Stream - 143 bytes -> C:\Users\Joyce nord\AppData\Roaming\Comma Separated Values (Windows).EML:OECustomProperty

< End of report >

OTL Extras logfile created on: 12/28/2011 8:36:59 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Joyce nord\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 42.01% Memory free
7.61 Gb Paging File | 5.67 Gb Available in Paging File | 74.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.61 Gb Total Space | 74.95 Gb Free Space | 26.33% Space Free | Partition Type: NTFS
Drive D: | 13.18 Gb Total Space | 2.19 Gb Free Space | 16.63% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 92.73 Mb Free Space | 93.35% Space Free | Partition Type: FAT32

Computer Name: HPPAVILLION | User Name: Joyce nord | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\regedit.exe ()

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1" ()
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 3.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe" "%1" (ACD Systems International Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1" ()
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 3.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe" "%1" (ACD Systems International Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{2511EB2D-5C1C-40D7-8E46-6676294D66EB}" = Symantec AntiVirus Win64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4CDE3168-D060-4b7c-BC74-4D8F9BB01AFe}" = Python 3.2.2 (64-bit)
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}" = HP 3D DriveGuard
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"6B8550A319DDC8B17F35F4A89988705E4592349B" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Pen Tablet Driver" = Bamboo
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{0700E22B-A422-40A5-BD20-04BF618CA0F9}" = QuickBooks Pro 2010
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08DB3902-2CE0-474D-BCE3-0177766CE9F1}" = HP Support Assistant
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F052922-4BCE-4763-A540-00857554336D}" = Redist
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{1747DF05-6890-440B-B094-2146F5DC50E0}" = HP MediaSmart SlingPlayer
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{1B280FAF-AE10-4E31-A41A-DB3917D651DC}" = ACDSee Pro 3
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 29
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{30BEFEDE-0B7A-4659-ADD8-C82F00B64288}" = 7400
"{32257980-61DF-4685-A72B-08683838233B}" = 7300_Help
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57BBB1AD-A239-4B05-86F5-3D138A0CFEE8}" = PureVoice
"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67C56836-7585-40A3-B61B-F95663140060}_is1" = PlayerLiteH 1.0.1.9.LH
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{87DF5956-A327-4304-8338-8E2B0AAB843E}" = BlackBerry Desktop Software 6.0.2
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{95140000-0052-0409-0000-0000000FF1CE}" = Microsoft Visio Viewer 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9F153AD3-3523-4542-818E-AE2F92249667}" = SAMSUNG USB Driver for Mobile Phones
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5B5B6D8-DE44-44A3-90C4-8C07A1E0FAD4}" = WBFS Manager 2.5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B0A92733-C870-415C-A494-DF72C2C58402}" = BlackBerry Device Software Updater
"{B51605BF-6326-4553-AE96-6D7F1813D5F5}" = HP User Guides 0154
"{BBB111A8-422E-4D24-931D-918FE5BE47B1}" = GadgetTrak
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C25D2512-3136-4B33-9D32-8F0F5E81F349}" = MGTEK dopisp
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C83FB11D-9EC6-49D7-99A7-DDDB2264883C}" = Brother MFL-Pro Suite
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB011820-5484-4BC9-9644-88C17A69E708}" = WIZ1x0_105SR Configtool
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CF1CEE5B-EA17-469A-995B-91A1FC03E031}" = 4Team DuplicateKiller
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DF6320E3-B716-4FAB-99CD-18AB6A2C3970}" = DJ Java Decompiler v.3.11.11.95
"{E031338C-839D-4EDD-9537-99B653C39D81}" = Autodesk MapGuide® Viewer ActiveX Control Release 6.5
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EBE939ED-4612-45FD-A39E-77AC199C4273}" = Absolute Notifier
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF7AA11F-8622-4F34-BAE1-DD2FA713E1BE}" = SugarOutlook
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.4 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 6.0
"Android SDK Tools" = Android SDK Tools
"AppInventor Setup" = AppInventor Setup
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.2
"BlueJ_is1" = BlueJ 3.0.4
"D9-Viewer V1.1.9.42_is1" = D9-Viewer V1.1.9.42
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Greenfoot_is1" = Greenfoot 2.0.1
"HP Smart Web Printing" = HP Smart Web Printing
"HyperSnap 6" = HyperSnap 6
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{BBB111A8-422E-4D24-931D-918FE5BE47B1}" = GadgetTrak
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"Pen Tablet Driver" = Bamboo
"Playback_is1" = Playback 2.3.0.4
"Time-Aid 3.23" = Time-Aid 3.23
"Time-Aid 3.27" = Time-Aid 3.27
"Time-Aid 3.36" = Time-Aid 3.36
"Time-Aid 3.38" = Time-Aid 3.38
"Time-Aid 3.76" = Time-Aid 3.76
"Verizon Media Manager" = Verizon Media Manager
"Video Viewer" = Video Viewer
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WBFS Manager 3.0" = WBFS Manager 3.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"ActiveTouchMeetingClient" = WebEx

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/10/2011 10:30:40 AM | Computer Name = hppavillion | Source = VSS | ID = 8193
Description =

Error - 12/10/2011 10:31:10 AM | Computer Name = hppavillion | Source = VSS | ID = 8193
Description =

Error - 12/10/2011 10:57:49 AM | Computer Name = hppavillion | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "H:\2011_12_10\gt\gtboot.exe".
Dependent
Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/11/2011 1:30:01 AM | Computer Name = hppavillion | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "C:\Program Files (x86)\SugarCRM\SugarOutlook\SugarOutlook.dll.Manifest".Error
in manifest or policy file "C:\Program Files (x86)\SugarCRM\SugarOutlook\SugarOutlook.dll.Manifest"
on line 4. The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint
which is not supported by this version of Windows.

Error - 12/11/2011 1:32:08 AM | Computer Name = hppavillion | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 12/11/2011 8:00:02 PM | Computer Name = hppavillion | Source = Windows Backup | ID = 4103
Description =

Error - 12/13/2011 1:30:01 AM | Computer Name = hppavillion | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "C:\Program Files (x86)\SugarCRM\SugarOutlook\SugarOutlook.dll.Manifest".Error
in manifest or policy file "C:\Program Files (x86)\SugarCRM\SugarOutlook\SugarOutlook.dll.Manifest"
on line 4. The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint
which is not supported by this version of Windows.

Error - 12/13/2011 1:32:06 AM | Computer Name = hppavillion | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 12/13/2011 3:07:39 PM | Computer Name = hppavillion | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = The Cryptographic Services service failed to initialize the VSS backup
"System Writer" object. Details: Could not query the status of the EventSystem service.

System
Error: A system shutdown is in progress. .

Error - 12/13/2011 3:42:47 PM | Computer Name = hppavillion | Source = Microsoft-Windows-User Profiles Service | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - Illegal operation
attempted on a registry key that has been marked for deletion.

[ Hewlett-Packard Events ]
Error - 2/22/2011 3:29:18 PM | Computer Name = hppavillion | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\021122022910.xml
File not created by asset agent

Error - 9/27/2011 2:13:59 PM | Computer Name = hppavillion | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091127021346.xml
File not created by asset agent

[ OSession Events ]
Error - 1/18/2011 7:07:18 PM | Computer Name = hppavillion | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1903
seconds with 1500 seconds of active time. This session ended with a crash.

Error - 2/19/2011 3:11:44 PM | Computer Name = hppavillion | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/29/2011 9:15:43 AM | Computer Name = hppavillion | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 37
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/28/2011 1:04:51 PM | Computer Name = hppavillion | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 660
seconds with 480 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/26/2011 7:34:14 PM | Computer Name = hppavillion | Source = bowser | ID = 8003
Description =

Error - 12/26/2011 7:46:13 PM | Computer Name = hppavillion | Source = bowser | ID = 8003
Description =

Error - 12/26/2011 7:58:15 PM | Computer Name = hppavillion | Source = bowser | ID = 8003
Description =

Error - 12/28/2011 4:02:34 AM | Computer Name = hppavillion | Source = volsnap | ID = 393245
Description = The shadow copies of volume I: were aborted during detection.

Error - 12/28/2011 7:42:24 AM | Computer Name = hppavillion | Source = DCOM | ID = 10016
Description =

Error - 12/28/2011 7:46:11 AM | Computer Name = hppavillion | Source = Service Control Manager | ID = 7023
Description = The Intel® Management & Security Application User Notification Service
service terminated with the following error: %%-2147467243

Error - 12/28/2011 7:52:45 AM | Computer Name = hppavillion | Source = DCOM | ID = 10016
Description =

Error - 12/28/2011 8:32:53 AM | Computer Name = hppavillion | Source = DCOM | ID = 10016
Description =

Error - 12/28/2011 8:51:09 AM | Computer Name = hppavillion | Source = Service Control Manager | ID = 7034
Description = The Remote Procedure Call (RPC) LD service terminated unexpectedly.
It has done this 1 time(s).

Error - 12/28/2011 8:54:42 AM | Computer Name = hppavillion | Source = DCOM | ID = 10016
Description =


< End of report >

I thought I had removed / prevented infection since I noticed it right away, however, after looking through the log files (at least to me) several entries seem suspicious. Help would be greatly appreciated as I start school again soon and if I need to reload I would need to do so before then. When I click on Start, All Programs, and then navigate to any sub item, under those items it says "empty".

I don't know what else i need to do since the fixes are normally customized.

Edited by jnord24, 28 December 2011 - 09:01 AM.


BC AdBot (Login to Remove)

 


#2 jnord24

jnord24
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:08:05 AM

Posted 29 December 2011 - 10:32 AM

My post was moved to this forum by the mod but they left out a few things during the move which would help. I'm posting here to save the flip flop between posts.

My initial symptoms were:

I was using computer early in the morning and all of a sudden firefox started closing, and windows popped up "delayed write fail", and symantec corp poppped up indicating virus but no entry. I realized something was up immediately. I tried to ctrl alt del, but the task manager was gone. I booted into the diagnostics and checked the hard drive....no problems. So I did a boot into safe mode and was able to restore from an earlier date and got my task manager back, but found weird tasks that appeared to have reintstalled themselves within an hour after the restore. I found tasks GTlogon, GTupdate, GTinstaler running which had strange descriptions such as "WINLOGON", and ran from a SYSWOW64 folder. I did a whole bunch of stuff to stop the services GT*.*. Strangely enough I set them to disabled, tried stopping them and not only would I be told "access denied", but they would also reset themselves to automatic start. So, I set them to disabled and rebooted and was able to manually remove them from both the registry and manually as services. A day later I noticed them back again and noticed "task scheduler" on my recent used list. I hadn't used task scheduler, so I opened it and found that they were set to start as tasks, they were in the registry, etc. I removed them manually and I thought everything was ok until I realized my start menu items were missing. I had been googling and came here to try and find out what the issue was, but at the time I must have not hit on the key symptoms because now I googled again and found other posts (on malwarebyte's site) which led me to believe I was infected with some type of infection similar to both the "windows restore virus" and / or Rogue.fake.hdd.

So I downloaded malwarebytes and scanned like the post found (windows restore virus):

http://forums.malwarebytes.org/index.php?showtopic=101392.

Rogue.fake.hdd described:

http://forums.malwarebytes.org/index.php?showtopic=83625

Since the mod moved my post, I have not done anything but patiently wait.

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,604 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:05 AM

Posted 03 January 2012 - 08:35 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/434956 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 jnord24

jnord24
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:08:05 AM

Posted 03 January 2012 - 09:33 AM

I am running a 64bit version of windows and cannot run GMER.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_29
Run by Joyce nord at 9:25:37 on 2012-01-03
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3895.1145 [GMT -5:00]
.
AV: SymantecAntiVirus *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: SymantecAntiVirus *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe
C:\Windows\SysWOW64\atashost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Prey\platform\windows\cronsvc.exe
C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\SysWOW64\rpcnet.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\System32\rundll32.exe
C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Aczen Innovations\Time-Aid\Time-Aid.exe
C:\Users\Joyce nord\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Symantec AntiVirus\VPTray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wuauclt.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Intuit\QuickBooks Pro 2010\qbw32.exe
C:\Windows\splwow64.exe
C:\Windows\system32\calc.exe
C:\ProgramData\Rpcnet\Bin\rpcld.exe
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\axlbridge.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\sysWow64\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office12\GR469A~1.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Time-Aid] C:\Program Files (x86)\Aczen Innovations\Time-Aid\Time-Aid.exe -m
uRun: [Installation Diagnostics] "C:\Program Files (x86)\Brother\Brmfl06d\Brinstck.exe" /I MFC-9440CN LAN
uRun: [AdobeUpdater] "C:\Program Files (x86)\Common Files\Adobe\Updater5\AdobeUpdater.exe"
uRun: [googletalk] C:\Users\Joyce nord\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [vptray] C:\PROGRA~2\SYMANT~1\VPTray.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrobat_sl.exe"
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} - hxxp://70.88.60.220/Ctl/WinWebPush.cab
DPF: {8214B72E-B0CD-466E-A44D-1D54D926038D} - hxxp://cgtca.is-a-geek.com:85/AVC_AX_724.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} - hxxp://10.100.100.12/DvrOcx.cab
DPF: {AD315309-EA00-45AE-9E8E-B6A61CE6B974} - hxxp://70.88.60.220/Ctl/MeIpCamX.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{20778828-5145-462F-88C4-A1E5E829ECC7} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{20778828-5145-462F-88C4-A1E5E829ECC7}\6496273386F6573756 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{20778828-5145-462F-88C4-A1E5E829ECC7}\64F6F626162745F6F6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{20778828-5145-462F-88C4-A1E5E829ECC7}\A494D4E45445 : DhcpNameServer = 192.168.100.1
TCP: Interfaces\{20778828-5145-462F-88C4-A1E5E829ECC7}\E456477454545425 : DhcpNameServer = 10.100.100.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~4\Office12\GRA32A~1.DLL
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks Pro 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office12\GR469A~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office12\GR469A~1.DLL
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun-x64: [vptray] C:\PROGRA~2\SYMANT~1\VPTray.exe
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun-x64: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office12\GR469A~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Joyce nord\AppData\Roaming\Mozilla\Firefox\Profiles\dcrxm2q2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z039&form=ZGAADF&q=
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Users\Joyce nord\AppData\Roaming\Mozilla\Firefox\Profiles\dcrxm2q2.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
FF - plugin: C:\Users\Joyce nord\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AbsoluteNotifier;Absolute Notifier;C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2011-5-10 10920]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe [2010-1-16 89600]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2011-6-2 133944]
R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2011-2-15 19968]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-28 652872]
R2 rpcld;Remote Procedure Call (RPC) LD;C:\ProgramData\Rpcnet\Bin\rpcld.exe --> C:\ProgramData\Rpcnet\Bin\rpcld.exe [?]
R2 Symantec AntiVirus;Symantec AntiVirus;C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe [2009-9-16 1961768]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2011-10-17 5790064]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2011-10-17 487280]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-1-16 2320920]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-1-9 228408]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-12-9 138360]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 QuickBooksDB20;QuickBooksDB20;C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB20 --> C:\PROGRA~2\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB20 [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 pnetmdm;PdaNet Modem;C:\Windows\system32\DRIVERS\pnetmdm64.sys --> C:\Windows\system32\DRIVERS\pnetmdm64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2011-12-28 23:03:13 -------- d-----w- C:\ModMii
2011-12-28 14:15:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-28 14:04:54 -------- d-----w- C:\_OTL
2011-12-14 08:38:23 58288 ------w- C:\Windows\SysWow64\rpcnet.exe
2011-12-14 08:38:00 13160 ----a-w- C:\Windows\SysWow64\Upgrd.exe
2011-12-14 08:21:05 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll
2011-12-13 21:21:57 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-12-13 19:53:18 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-12-13 19:51:59 3141632 ----a-w- C:\Windows\System32\win32k.sys
2011-12-13 19:51:57 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-13 19:51:57 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-13 19:51:31 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-13 19:51:31 2048 ----a-w- C:\Windows\System32\tzres.dll
.
==================== Find3M ====================
.
2012-01-03 14:24:05 29 ----a-w- C:\Windows\SysWow64\TempWmicBatchFile.bat
2011-12-28 14:33:54 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
2011-12-28 14:33:51 58288 ----a-w- C:\Windows\SysWow64\rpcnet.dll
2011-12-28 11:51:07 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe
2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-05 05:26:29 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-11-05 05:23:10 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-11-05 04:35:50 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-05 04:34:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-11-05 04:07:32 482816 ----a-w- C:\Windows\System32\html.iec
2011-11-05 03:28:41 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-11-05 03:25:44 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-05 02:55:38 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-20 19:44:06 258048 ----a-w- C:\Windows\SysWow64\gdt.cpl
2009-01-13 18:45:08 81920 ----a-w- C:\Program Files\Common Files\WIZ1x0SR_105SR_CFG.exe
2009-01-13 18:45:08 81920 ----a-w- C:\Program Files (x86)\Common Files\WIZ1x0SR_105SR_CFG.exe
2006-12-01 09:54:32 626688 ----a-w- C:\Program Files (x86)\Common Files\MSVCR80.dll
.
============= FINISH: 9:26:49.51 ===============
Attached File  Attach.zip   3.49KB   0 downloads

Edited by jnord24, 03 January 2012 - 09:37 AM.


#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,786 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:05 AM

Posted 03 January 2012 - 10:37 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this if fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
===

Third party programs if not up to date can be the cause infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.

Please post the logs for my review.

#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,786 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:05 AM

Posted 09 January 2012 - 09:58 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users