System Check virus


  • This topic is locked
2 replies to this topic

#1 halo8th


Posted 30 January 2012 - 01:42 AM

I've been infected with the "System Check" virus. Half of my desktop icons are gone for now. I booted up in safe mode and ran the OTL. Here are the logs:


OTL logfile created on: 1/30/2012 12:24:09 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\TTAL\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 76.29% Memory free
5.95 Gb Paging File | 5.56 Gb Available in Paging File | 93.47% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.43 Gb Total Space | 119.47 Gb Free Space | 41.71% Space Free | Partition Type: NTFS
Drive D: | 11.66 Gb Total Space | 1.59 Gb Free Space | 13.60% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: TTAL | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/30 00:22:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\TTAL\Downloads\OTL.exe
PRC - [2011/09/02 07:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/08/15 07:49:50 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/06/22 03:59:04 | 001,101,960 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2010/11/21 08:54:34 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2006/08/08 08:18:18 | 000,056,056 | ---- | M] () -- C:\Windows\System32\DLAAPI_W.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Nero BackItUp Scheduler 4.0)
SRV - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/29 22:29:04 | 000,497,496 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011/09/02 07:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/06/06 19:32:29 | 003,435,096 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Common Files\Akamai\netsession_win_8675ab0.dll -- (Akamai)
SRV - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Stopped] -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/05/14 10:59:44 | 000,455,944 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/01/15 06:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/17 11:49:44 | 000,616,408 | ---- | M] () [Auto | Stopped] -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
SRV - [2009/01/26 13:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/09/26 11:55:04 | 000,283,912 | ---- | M] (CA, Inc.) [Auto | Stopped] -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)
SRV - [2007/05/31 07:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 07:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/08/10 03:11:14 | 000,057,344 | -H-- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2006/08/10 03:10:50 | 000,294,912 | -H-- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)


========== Driver Services (SafeList) ==========

DRV - [2012/01/08 22:00:02 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20120129.008\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/01/08 22:00:02 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/01/08 22:00:02 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/01/08 22:00:02 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20120129.008\NAVENG.SYS -- (NAVENG)
DRV - [2011/12/15 17:33:22 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20120126.003\IDSvix86.sys -- (IDSVix86)
DRV - [2011/11/30 20:25:03 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20120121.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/02 17:16:30 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/29 10:12:00 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/04/29 10:11:58 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/03/30 21:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 21:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 18:39:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\N360\0501000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/03/14 20:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 00:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2010/11/15 18:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010/07/07 08:05:32 | 000,014,904 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/12/30 05:51:34 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/04/10 22:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2008/09/27 00:51:00 | 007,478,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/09/26 04:36:34 | 000,059,376 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- c:\Program Files\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2008/09/10 06:48:20 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/09/10 06:46:22 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/09/04 05:34:34 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/08/01 06:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/07/21 10:12:50 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/07/21 10:12:22 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2008/05/22 03:39:34 | 000,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/02/08 21:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/09 03:30:42 | 000,050,688 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2006/08/08 08:18:50 | 000,009,432 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/08 08:18:28 | 000,035,128 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/08 08:18:26 | 000,097,880 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/08 08:18:26 | 000,094,680 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/08 08:18:24 | 000,026,136 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/08 08:18:22 | 000,032,504 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/08 08:18:20 | 000,104,504 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/08 08:18:20 | 000,014,552 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/01 19:06:18 | 000,028,216 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2005/12/12 11:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\S-1-5-21-1172320911-825183721-1134377370-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1172320911-825183721-1134377370-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1172320911-825183721-1134377370-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1172320911-825183721-1134377370-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/02/23 07:51:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files\AutocompletePro\support@predictad.com [2010/05/02 11:42:25 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\IPSFFPlgn\ [2012/01/30 00:07:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\coFFPlgn_2011_7_4_3 [2012/01/30 00:07:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/08 13:52:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/21 10:14:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/02/23 07:51:29 | 000,000,000 | ---D | M]

[2010/05/08 06:55:30 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\TTAL\AppData\Roaming\Mozilla\Extensions
[2011/10/05 08:44:53 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\TTAL\AppData\Roaming\Mozilla\Firefox\Profiles\wd2w0am4.default\extensions
[2010/08/15 14:56:32 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\TTAL\AppData\Roaming\Mozilla\Firefox\Profiles\wd2w0am4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/05 08:44:53 | 000,000,000 | ---D | M] (XFINITY Toolbar) -- C:\Users\TTAL\AppData\Roaming\Mozilla\Firefox\Profiles\wd2w0am4.default\extensions\{4b9bcce8-a70b-402a-a7e1-db96831ee26f}
[2011/03/28 05:55:29 | 000,000,000 | -H-D | M] (Vuze Remote Community Toolbar) -- C:\Users\TTAL\AppData\Roaming\Mozilla\Firefox\Profiles\wd2w0am4.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/03/28 05:55:27 | 000,000,000 | -H-D | M] (ShopToWin8) -- C:\Users\TTAL\AppData\Roaming\Mozilla\Firefox\Profiles\wd2w0am4.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}
[2011/03/28 05:55:29 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\TTAL\AppData\Roaming\Mozilla\Firefox\Profiles\wd2w0am4.default\extensions\engine@conduit.com
[2011/03/28 05:55:26 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\TTAL\AppData\Roaming\Mozilla\Firefox\Profiles\wd2w0am4.default\extensions\{fa3d1246-250b-4212-a2be-f1387ccca2e7}\chrome\content\dca\core\extensionManager
[2011/08/28 20:05:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/21 20:24:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/08/28 20:05:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2008/08/16 15:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2008/08/16 15:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2008/08/16 15:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2008/05/21 06:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcm80.dll
[2008/05/21 06:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcp80.dll
[2008/05/21 06:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr80.dll
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/07/19 03:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/08/16 15:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2008/08/16 15:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll

O1 HOSTS File: ([2011/08/21 14:44:08 | 000,000,916 | RH-- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 80.79.117.219 www.google.com
O1 - Hosts: 80.79.117.220 search.yahoo.com
O1 - Hosts: 80.79.117.220 www.bing.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files\xfin_portal\comcastdx.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files\xfin_portal\auxi\comcastAu.dll (Visicom Media)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files\xfin_portal\comcastdx.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1172320911-825183721-1134377370-1000\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKU\S-1-5-21-1172320911-825183721-1134377370-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [gOPYcVGVjRBj.exe] C:\ProgramData\gOPYcVGVjRBj.exe (Microsoft Corp)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKU\.DEFAULT..\Run: [QFHjnyOpVJm] C:\ProgramData\QFHjnyOpVJm.exe File not found
O4 - HKU\S-1-5-18..\Run: [QFHjnyOpVJm] C:\ProgramData\QFHjnyOpVJm.exe File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1172320911-825183721-1134377370-1000..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-1172320911-825183721-1134377370-1000..\Run: [ComcastAntispyClient] C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe ()
O4 - HKU\S-1-5-21-1172320911-825183721-1134377370-1000..\Run: [Desktop Software] C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-1172320911-825183721-1134377370-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\.DEFAULT..\RunOnce: [0] C:\Windows\TEMP\0.5397936357570874.exe File not found
O4 - HKU\S-1-5-18..\RunOnce: [0] C:\Windows\TEMP\0.5397936357570874.exe File not found
O4 - HKU\S-1-5-21-1172320911-825183721-1134377370-1000..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.21022; .NET CLR 3.5.30729; InfoPath.2; .NET CLR 1.1.4322; .NET CLR 3.0.30729; .NET4.0C)" -"http://games.yahoo.com/daily-games/wordsense" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0674107A-2CD4-4F44-868E-9E5F828F0DC8}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img4.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - State: "services" - 2
MsConfig - State: "startup" - 0

SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RkHit.sys - Reg Error: Value error.
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivXNetworks)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivXNetworks)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/01/29 22:26:58 | 000,000,000 | ---D | C] -- C:\Users\TTAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012/01/29 22:26:04 | 000,362,496 | ---- | C] (Microsoft Corp) -- C:\ProgramData\234.exe
[2012/01/29 22:20:53 | 000,453,632 | -HS- | C] (Microsoft Corp) -- C:\ProgramData\gOPYcVGVjRBj.exe
[2012/01/21 21:20:34 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2012/01/21 21:20:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 5
[2012/01/21 21:20:09 | 000,000,000 | ---D | C] -- C:\Users\TTAL\AppData\Roaming\IObit
[2012/01/21 21:20:06 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2012/01/21 20:52:55 | 000,000,000 | ---D | C] -- C:\Users\TTAL\AppData\Roaming\PCPro
[2012/01/21 20:52:55 | 000,000,000 | ---D | C] -- C:\Users\TTAL\AppData\Roaming\PC Cleaners
[2012/01/21 20:52:25 | 005,276,432 | ---- | C] (PC Cleaners) -- C:\Windows\uninst.exe
[2012/01/21 20:52:25 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
[2012/01/21 09:41:32 | 000,000,000 | ---D | C] -- C:\HANGING_WITH_SLOTH
[2012/01/21 08:07:03 | 000,000,000 | ---D | C] -- C:\OUR_IDIOT_BROTHER
[2012/01/11 13:44:39 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012/01/11 13:44:35 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/01/11 13:44:34 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/01/11 13:44:28 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/01/11 13:44:27 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2009/12/29 18:26:05 | 000,047,360 | -H-- | C] (VSO Software) -- C:\Users\TTAL\AppData\Roaming\pcouffin.sys
[2006/07/11 13:29:00 | 000,028,672 | R--- | C] ( ) -- C:\Windows\System32\DivXGraphBuilderCallback.dll
[1 C:\Users\TTAL\AppData\Local\*.tmp files -> C:\Users\TTAL\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/30 00:15:43 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/01/30 00:15:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/30 00:13:27 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/30 00:13:26 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/30 00:13:26 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/01/30 00:10:41 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\Free File Viewer Update Checker.job
[2012/01/30 00:07:30 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/29 23:38:04 | 000,007,728 | -H-- | M] () -- C:\Users\TTAL\AppData\Local\d3d9caps.dat
[2012/01/29 22:27:25 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012/01/29 22:27:24 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012/01/29 22:27:02 | 000,000,607 | ---- | M] () -- C:\Users\TTAL\Desktop\System Check.lnk
[2012/01/29 22:26:55 | 000,000,336 | ---- | M] () -- C:\ProgramData\345.exe
[2012/01/29 22:26:04 | 000,362,496 | ---- | M] (Microsoft Corp) -- C:\ProgramData\234.exe
[2012/01/29 22:22:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/29 20:55:32 | 000,453,632 | -HS- | M] (Microsoft Corp) -- C:\ProgramData\gOPYcVGVjRBj.exe
[2012/01/23 13:59:03 | 000,002,728 | ---- | M] () -- C:\{C5D299B2-66AD-4266-B8D3-D421758AD019}
[2012/01/22 21:39:10 | 000,000,494 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for TTAL.job
[2012/01/22 12:38:14 | 000,002,528 | ---- | M] () -- C:\{0E4A0ABC-BF9F-45D6-8C75-40C69725EFBE}
[2012/01/22 08:48:31 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/01/21 20:51:54 | 005,276,432 | ---- | M] (PC Cleaners) -- C:\Windows\uninst.exe
[2012/01/21 10:57:32 | 000,000,881 | -H-- | M] () -- C:\Users\TTAL\Desktop\Internet Explorer (No Add-ons).lnk
[2012/01/21 10:57:29 | 000,001,027 | ---- | M] () -- C:\WildTangent Games App - hp.lnk
[2012/01/17 10:17:35 | 000,001,055 | ---- | M] () -- C:\WildTangent Games App - wildgames.lnk
[2012/01/12 07:06:42 | 000,649,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/12 07:06:42 | 000,122,646 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/05 09:20:25 | 000,000,928 | ---- | M] () -- C:\{5E90DE4B-58BE-4D3E-BB80-CF57A84E2090}
[2012/01/05 07:51:59 | 000,022,016 | -H-- | M] () -- C:\Users\TTAL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/31 09:52:04 | 000,001,098 | ---- | M] () -- C:\Users\TTAL\Desktop\Yahoo! Games - Games And Online Games.lnk
[1 C:\Users\TTAL\AppData\Local\*.tmp files -> C:\Users\TTAL\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/30 00:15:43 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/01/29 22:27:02 | 000,000,607 | ---- | C] () -- C:\Users\TTAL\Desktop\System Check.lnk
[2012/01/29 22:26:55 | 000,000,336 | ---- | C] () -- C:\ProgramData\345.exe
[2012/01/23 13:59:02 | 000,002,728 | ---- | C] () -- C:\{C5D299B2-66AD-4266-B8D3-D421758AD019}
[2012/01/22 12:38:14 | 000,002,528 | ---- | C] () -- C:\{0E4A0ABC-BF9F-45D6-8C75-40C69725EFBE}
[2012/01/20 15:59:39 | 000,000,881 | -H-- | C] () -- C:\Users\TTAL\Desktop\Internet Explorer (No Add-ons).lnk
[2012/01/05 09:20:23 | 000,000,928 | ---- | C] () -- C:\{5E90DE4B-58BE-4D3E-BB80-CF57A84E2090}
[2011/10/30 19:57:05 | 000,000,552 | -H-- | C] () -- C:\Users\TTAL\AppData\Local\d3d8caps.dat
[2011/10/10 10:07:46 | 000,000,268 | RH-- | C] () -- C:\ProgramData\HomePageService
[2011/10/10 10:07:46 | 000,000,268 | RH-- | C] () -- C:\Users\TTAL\AppData\Roaming\Help
[2011/10/10 10:07:46 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2011/07/12 09:29:39 | 000,000,455 | ---- | C] () -- C:\Program Files\0712201111293892.bat
[2011/05/28 10:10:21 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/05/28 10:10:21 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/05/25 15:30:19 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011/05/25 08:45:49 | 000,000,544 | ---- | C] () -- C:\Program Files\Cyberlink - Shortcut.lnk
[2011/05/25 05:50:16 | 000,000,160 | ---- | C] () -- C:\ProgramData\~39115304r
[2011/05/25 05:50:16 | 000,000,136 | ---- | C] () -- C:\ProgramData\~39115304
[2011/05/25 05:50:06 | 000,000,344 | ---- | C] () -- C:\ProgramData\39115304
[2010/12/16 13:31:11 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/09/26 13:09:54 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/08/15 15:14:12 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010/07/09 06:03:28 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/05/14 07:02:40 | 000,000,000 | -H-- | C] () -- C:\Users\TTAL\AppData\Roaming\wklnhst.dat
[2010/04/25 16:55:25 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010/01/02 23:02:53 | 005,653,224 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2009/12/29 18:29:37 | 000,001,041 | -H-- | C] () -- C:\Users\TTAL\AppData\Roaming\vso_ts_preview.xml
[2009/12/29 18:26:05 | 000,087,608 | -H-- | C] () -- C:\Users\TTAL\AppData\Roaming\inst.exe
[2009/12/29 18:26:05 | 000,007,887 | -H-- | C] () -- C:\Users\TTAL\AppData\Roaming\pcouffin.cat
[2009/12/29 18:26:05 | 000,001,144 | -H-- | C] () -- C:\Users\TTAL\AppData\Roaming\pcouffin.inf
[2009/09/01 23:38:11 | 000,000,266 | ---- | C] () -- C:\Windows\lgfwup.ini
[2009/08/03 13:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 13:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/31 16:59:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/31 16:59:09 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/03/29 17:45:10 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/03/26 05:33:07 | 000,000,139 | -H-- | C] () -- C:\Users\TTAL\AppData\Roaming\default.rss
[2009/03/26 00:01:40 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/03/01 19:18:27 | 000,022,016 | -H-- | C] () -- C:\Users\TTAL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/23 07:44:01 | 000,166,371 | ---- | C] () -- C:\Windows\hpoins29.dat
[2009/02/22 10:48:34 | 000,007,728 | -H-- | C] () -- C:\Users\TTAL\AppData\Local\d3d9caps.dat
[2009/02/21 18:21:33 | 000,643,372 | -H-- | C] () -- C:\Users\TTAL\AppData\Local\rx_image.Cache
[2009/02/21 16:59:13 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2009/02/21 16:59:13 | 000,000,118 | ---- | C] () -- C:\Windows\wininit.ini
[2008/11/06 17:57:10 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/11/06 17:57:10 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2008/11/06 17:41:59 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/05/04 18:13:43 | 000,000,799 | ---- | C] () -- C:\Windows\hpomdl29.dat
[2007/07/20 09:48:28 | 000,000,035 | ---- | C] () -- C:\Windows\sunkist.ini
[2007/05/03 09:22:00 | 000,028,672 | ---- | C] () -- C:\Windows\WinInstall.exe
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,458,608 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,649,714 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,122,646 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/08/15 13:54:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/08/09 03:19:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/08/09 03:19:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/08/09 00:00:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\besch.exe
[2006/08/09 00:00:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\besched.dll
[2005/07/15 12:36:35 | 000,524,288 | ---- | C] () -- C:\Windows\System32\DivXsm.exe
[2005/07/15 12:35:56 | 000,831,488 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2005/07/15 12:35:56 | 000,159,744 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2005/07/15 12:35:24 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2003/10/02 00:00:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lockout.dll
[2003/10/02 00:00:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\lockres.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/11/07 06:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe


< MD5 for: EXPLORER.EXE >
[2008/10/29 00:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 00:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 21:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2012/01/30 00:30:07 | 004,763,456 | ---- | M] (Sysinternals - www.sysinternals.com) MD5=E13DF12BB822F9614DF654B519ECDB21 -- C:\Users\TTAL\Downloads\explorer.exe
[2008/10/27 20:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 20:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: WININIT.EXE >
[2008/01/20 20:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/20 20:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/20 20:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 94 bytes -> C:\ProgramData\Temp:C5E4F943
@Alternate Data Stream - 76 bytes -> C:\Users\TTAL\Documents\Symantec:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\TTAL\Documents\PcSetup:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\TTAL\Documents\OneNote Notebooks:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\TTAL\Documents\MakeDiscVideo:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\TTAL\Documents\Job Interview stuff:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\TTAL\Documents\ImTOO Software Studio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\TTAL\Documents\CyberLink:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\TTAL\Documents\corkscrew.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\TTAL\Documents\Azureus Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\TTAL\Documents\AnyDVDHD:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\TTAL\Documents\aj prindle:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\TTAL\Desktop\TAXES:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\TTAL\Desktop\JOB STUFF:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\TTAL\Desktop\HAIR:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\TTAL\Desktop\EXTRA PROGRAMS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\TTAL\Desktop\bebeautiful:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\TTAL\Desktop\AJ Prindle files:Roxio EMC Stream
@Alternate Data Stream - 72 bytes -> C:\Windows:5404C41DA9511C17
@Alternate Data Stream - 195 bytes -> C:\ProgramData\Temp:A1D3FEF0
@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:1AE68282
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:9812B773
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:2A8A3140
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:BACB6B6C
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:A518B662
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:1095ECE1
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:571CCF8E
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:C10D19E3
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:FAC5BCF5
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:1D9ED8F7
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:89C6F032
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:5C5A503E
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:45FE2B4E
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:76A59E49
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:59846E5E
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:6D192E3A
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:2EF63291

< End of report >



And the "Extras" report:

OTL Extras logfile created on: 1/30/2012 12:24:09 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\TTAL\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 76.29% Memory free
5.95 Gb Paging File | 5.56 Gb Available in Paging File | 93.47% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.43 Gb Total Space | 119.47 Gb Free Space | 41.71% Space Free | Partition Type: NTFS
Drive D: | 11.66 Gb Total Space | 1.59 Gb Free Space | 13.60% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: TTAL | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1172320911-825183721-1134377370-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06B5A3C5-BC17-4BED-86AC-C4FA2D00DB24}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{121B9B7C-CF10-4AA4-A054-FA34F8CEFE16}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{1472C00B-3EC4-4C5A-BBFC-B84E83F63DC4}" = lport=138 | protocol=17 | dir=in | app=system |
"{266135D1-E81B-4E81-9AA6-846544AAFD40}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{2679FD41-268B-43BD-9E09-A8A22EEFD9C5}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{271F0C84-58DC-4171-8F75-3C70F2820186}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{34BC4AE4-1F7E-4798-ABAC-88492D5E9B5E}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3553F9DD-6FFB-49A0-B936-C7F2D1162F5E}" = lport=137 | protocol=17 | dir=in | app=system |
"{39EDF464-A668-49EF-97A2-A8D7B188D9C8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{3C42B709-4EF3-4E54-86BE-90C670BC69A4}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{4AE78839-84F5-44F0-B0F2-1ACD72674D1B}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{5225A39C-6C6B-4F89-ABB9-610B19EA2D66}" = lport=445 | protocol=6 | dir=in | app=system |
"{53A77A49-21C1-4E24-9402-A8A87A80BBC9}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{598AABB0-1FB8-44C8-A2F4-6D20161B23D0}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{5EAFC0D3-0FA8-4F1D-96AB-104A91CB937A}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{77B177D7-D1D2-4169-9EE3-34B79AD17337}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{77F0B0A1-BF80-43A4-92C9-94C9EE9D4FEF}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{780C64AD-57BC-479B-8241-621E1AD2D426}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{7B604BDD-2506-401D-87D9-6A472B6EF8B5}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{84A8C949-5892-4D4D-B28B-1DB0770520D3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{95C7972E-0A2D-4495-8166-BD8CA0BF913B}" = lport=139 | protocol=6 | dir=in | app=system |
"{A7A4EC5F-215C-4B0A-8F33-2BF58A0C67A2}" = rport=137 | protocol=17 | dir=out | app=system |
"{B63F8EE6-BD48-406D-8B52-1B8D5F0810D6}" = rport=139 | protocol=6 | dir=out | app=system |
"{BA788402-EDC9-4C25-B36A-50329A06685D}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C22BE16D-02A2-4568-8871-DECBF0129E04}" = lport=49163 | protocol=6 | dir=in | name=akamai netsession interface |
"{DFC19AD8-C4E9-4BB3-AAF3-60307174A583}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E06EEDD6-1EBA-4DFF-836B-688207820678}" = rport=445 | protocol=6 | dir=out | app=system |
"{E3DE22EE-45D7-4BBE-97A8-74EDF8B954E4}" = rport=138 | protocol=17 | dir=out | app=system |
"{EAD094F2-D9C7-4F02-9EB0-75020BCAFF00}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F5462652-BF86-4582-BD86-4661C452C2F2}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F6325A2A-E2A1-46BA-8CB0-A050310FC4D8}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{022CF3E7-0C4D-44EB-8457-01B5E20C72EA}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0A5C0193-0706-408B-BE80-1A23B456CE90}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0C7AFC17-0335-4192-93BB-A4166E164FAB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0E322BAB-8646-4996-93AB-A306185F930C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0E856DC8-764B-4412-A525-20747F3B6125}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{109AF862-5993-4650-B210-1C180C2008C8}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{10EF2DF6-05AC-4D2C-9D8F-E880C60EBE6F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{11314D17-A69A-4C87-BC97-4D0C6A7673BE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{12A7EB97-6C4E-48FB-B5D1-ABBA1FBF6454}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1415BE18-8920-4506-A7A0-FAE3F4DDA6CB}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{160F0564-B2BA-4C23-9ACE-7C995B015975}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{17F5021B-75F8-4506-A81E-308CFC6A5F3E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{182DAE16-6B67-4878-A11E-4C8D084333B2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{201921C8-65A4-46FC-9CCC-749A6D7859BA}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{20531334-ED80-4DA0-BEC4-20258BFF9AB8}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{20C4A54C-15E0-4466-BC76-821D0CBDD4DA}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr_im.exe |
"{2163CBF5-4887-478E-874C-88D329679CE9}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{22C413F5-86AC-4C06-B35F-D42D3D7D5887}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{23A5EE76-A761-4C46-B7B2-9D5C5308D19F}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{2527DF85-09B8-489D-93A0-3291AFFA50EA}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{25DED584-3232-4BB5-A458-599F2FF718A7}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{290292F5-441A-4467-91EC-0B8CDCAB85A8}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2A943AF1-D926-4F84-BEE5-D6F57F33A7A6}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2E04A711-6400-4852-A9A6-EF334E9D5A83}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{2E16FCD6-4B53-4FB2-9878-8CEB3DF47CF0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{2E76E761-5435-4413-8D4C-E6AF4355A80E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{305D5FF9-10E2-4269-B088-21AA6A15A170}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{306125A0-39DF-4EC9-B2E0-D7F897B9B71D}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{35126B1C-EA5F-4AF4-A7F8-6A97A79F359C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{361EDEEB-7448-4D72-85FD-EB071ADA1221}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{36536D3E-8991-42D4-93D1-DA0A448AF581}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3742B332-B0D5-46B5-BA85-41FCDE9962C1}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{389F7C31-8753-4F7E-8173-50ABD39B44CA}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{38E98555-5CA5-4455-A660-BDD9422E399F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3A6EDA17-6893-41CC-BC2E-519145F48B7B}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{3ED01A3F-7DAA-4BA2-B9A9-3C8F4314B558}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{41780447-7F3B-42BD-A4C1-CD8D4988773C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{41CEAC62-5F74-4A73-938F-54989373AA29}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{44DA48EE-B81E-4EA3-B022-30F57106A8DB}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{47316222-C401-48C3-B18B-CA04B9255108}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{4B3CEBD0-1D9A-4F16-BCB0-B867DD30F7AF}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{4C5D6F67-7226-4BBF-9166-E65EF2C91480}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4DF7F8F4-C958-4D16-B8A1-7656F99448EE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{500A3149-0E53-4742-9C98-4204CA01F81E}" = protocol=6 | dir=in | app=c:\windows\temp\~ose552.tmp\rlvknlg.exe |
"{5284981A-0113-442A-8CF5-E4E8259DB210}" = dir=in | app=c:\program files\freefileviewer\ffvcheckforupdates.exe |
"{53F0E2BD-780E-4B46-B2B2-B0118C02E49D}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5675F1BE-B27C-452C-90B8-D8B26CB43FE8}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5DEFBEC8-250F-459D-8F09-57748C541C60}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\tsmagent.exe |
"{65ED36C8-56CD-4B94-A849-DCAD9A168B17}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{66DACB05-96C6-431C-BDA8-F4A5946AF7AD}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{688CC8D3-A93B-40D8-BC1F-295C5ABE20CF}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{68DAE6A4-6DE7-42CD-B765-0346750F93DF}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{69278C18-B9F0-4621-84BF-4F8A59B5B353}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{693DCF6F-0FBD-48D9-9399-731CDA0365B0}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6A31F05F-4F4F-4E6E-819A-362C3716679D}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{6F158383-3A2A-4202-AE3C-8A3501B50D1C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{746780BD-BC7E-42FA-99D7-DD6342342CD2}" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{79F86FA0-4E17-4756-B3F2-B52E6E6E289C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7E571C6F-054F-477E-B370-CB4FAA140C21}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr.exe |
"{81E4C67B-4851-442E-A719-DBE36771DA51}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr_im.exe |
"{82AAE7CB-A79F-4270-A40E-E738CE06A3B8}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8B8416AD-6811-4486-9F3A-7220807264F9}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8C1B6D17-C9FF-442D-AA3D-4572B157FE40}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8D56BEFF-154D-4ABD-A594-734DC3C9BD85}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8E28B9E8-0F3A-43D7-8DF2-2789A67FB8AF}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8E66B4D4-D0E7-4791-82FB-B18FED566E73}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8EA290CB-1D63-4196-BC9E-FDB909DCF4FB}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{922457EF-57C7-408B-915A-14CC23D08082}" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{93CE3D43-E934-4871-9E6F-58C955198935}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{990CDDB9-DAC9-4AC6-9DB4-93D6D88302D2}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{99696475-E70B-42AA-94AC-2E27C139720D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A2120952-E198-451B-B3E4-83CE239808EE}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{A2AEF021-A3D0-46FA-9360-BB6735C1CBEB}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A36F6E13-033F-4D21-98F0-F4CB30615CF7}" = protocol=6 | dir=in | app=c:\windows\temp\~os6302.tmp\rlvknlg.exe |
"{A556CAA8-AAE5-485E-B733-7648715CA5AC}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A6B330C2-6B4C-43C7-8E8E-9E60C80A17F7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{A77DF239-FCB2-4747-824F-C0C65F26846F}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{A89355CA-092A-40E7-BF13-14030092BEF9}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{A8B68898-D8B8-4757-8181-D210207EEC17}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AEAC3628-FF8C-4895-ABA9-582E825148EE}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{B07DCBF4-5596-411B-8067-F3F6F124F318}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{B2170B3A-B9D3-4EB9-B49D-1AB617DD3890}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{B5ABBD42-D2D8-4C7A-8E68-08A4E3E430A1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{B6B3C613-ED60-431A-8525-14FCE0B3E375}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B71BDDC5-D6DB-40DE-A928-78C4EBBCE37F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B8523CDC-0B05-40AB-ABAF-83F6498BFEF3}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{B87C3058-F557-468E-9763-DCBD95E3AF6D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B94EB769-146D-4515-AD6A-94BCED201DE4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{B995B78E-9CBE-4BC6-A073-30F7DF1B0A94}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BA0EF55A-829F-4054-AE2F-7F3541B0D342}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{BC79FCC8-26DB-4E3F-BEAA-821F9CEA5591}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{BCA6F653-6268-4C1D-8A82-3BD4F7A4847E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BDCED5C6-7A5D-4877-B87E-26184C44D5B9}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C0934CE3-67DA-495F-A71C-52C35B6225DE}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C128CDE8-D8C4-4CD5-A481-CBAE9FDA448D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C2CA8F8D-3093-4081-90C7-5B43BFBB98DB}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C2F95A70-6890-468C-9041-EAE1ECFDF44B}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr.exe |
"{C3745540-0C7B-45FE-A5EB-77899E8B6248}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{C67ACB3C-453B-4B09-B86B-EE9245879C08}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C7CF6CA6-D81D-410A-B3D6-00CE42BAD84D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C8B586D6-3ED3-40F2-ACE4-E52AB3970223}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C98B61E7-BF16-4925-9DF5-0C9D8395D733}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CA50565A-8434-4085-B0F0-2D1FDC82EA60}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CAF39DA2-3A6B-48C7-899D-882156A73CE9}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CBAB6AC0-6870-4D74-BF50-0870612A5D3A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CC1CC0E6-0647-4214-8593-6129BF199C78}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CC8984D0-3F32-443F-9725-EBC7ED5CFF00}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CF15E362-961B-4762-B9DB-ABAA9F319CE0}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D1CE327F-E981-461A-9988-A41A09212F0D}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D5EE4ADF-D471-4504-90F2-7A1ADA42D004}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D711B058-C14F-4159-85F3-B9B83C982E07}" = dir=in | app=c:\program files\cyberlink\powerdirector express\pdx.exe |
"{D7564983-F245-41B4-993B-D97479EAADB9}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D88C25FD-59C8-416C-9542-D0FC0EA36E9E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D8C26FCC-0972-4B98-83C8-DED390094624}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D9906103-EAAA-4ACB-B16B-699259F51EFF}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DAFE8C61-2D4B-408D-B8AC-0166A6FDA8C7}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DD3B40A9-39C2-4668-9852-CB0977CF4780}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{E32A32E5-0EA4-44DC-A62B-E28A05BAF076}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E9F57CEB-E5B1-4904-BCBC-6F57EC9A7BB1}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{EB3D1E5F-E3B4-4FD2-A32B-9FAA1C89E774}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{ECA37FFE-5006-4ECE-BB40-61F7A53C18EE}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{EF64BD56-E3A9-4BB4-B09E-E15315524093}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F1AD3A08-C61C-4D77-875E-DE6A6F10BF5A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{F2752736-5BC1-428E-B551-52A13490601C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F4E2A489-4797-41B3-A27E-87A6E6D0DADB}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FAFA4284-85E5-46DB-803B-6D2A139135A4}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FB80245A-577C-4B5E-83FB-BE10CEAFA101}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FD0C3760-113D-4A18-9B86-74EA012D0856}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\tsmagent.exe |
"{FDCB675C-57C5-45C3-B2DD-7F70A136E4CC}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FDE4B9DD-EADA-4ADD-B609-1544395497CF}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0915B10F-8597-4FE7-BC4D-EA3E2FDA646A}" = PS_AIO_03_C4400_Software_Min
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19506BDB-4EA7-491F-E8AB-E97109FDB296}" = muvee Reveal
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 27
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{276E3ECB-E9E9-494E-A3F9-173BAD7D9643}" = C4400
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{39CEE1F2-12B6-4C50-9131-04BFCA110578}" = PowerCinema NE for Everio
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3E3E57A1-2BBB-4B15-9ED4-44C51C729758}" = Monopoly - SpongeBob SquarePants Edition
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
"{4CC59DA1-469B-49A5-9F6B-C4D26990294A}" = PS_AIO_03_C4400_ProductContext
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{4FAB5122-775E-4418-B8D9-E2873BC93570}" = Microsoft Live Search Toolbar
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{5A3FEF2D-0E14-412E-869C-421AB373EE43}" = C4400_Help
"{5BD0CB24-11AF-4BA8-A198-38D25257C656}" = LightScribe Template Labeler
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{625304B0-2976-473B-AD81-5CA376093F03}" = Xingtone Ringtone Maker
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{64B9E2F5-558E-4C56-B419-A1679518F6E7}" = HP Customer Experience Enhancements
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
"{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79F86C69-2B17-4368-9234-472A23639E16}" = Ad-Aware
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11231247}" = Peggle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113849380}" = Elf Bowling 7 The Last Insult
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115246907}" = Elf Bowling Hawaiian Vacation
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117693570}" = Zuma’s Revenge
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117863340}" = Bookworm Astounding Planet
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118392197}" = Pacman
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86732AE7-CB91-4f15-B091-FBA3D3926CD6}" = HP Photosmart C4400 All-In-One Driver Software 11.0 Rel .3
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACECB7C-5EB2-42B3-A2E1-B91878B6C5D7}" = PS_AIO_03_C4400_Software
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio Easy Media Creator 9 Suite
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A2016015-8323-4AF8-8B3E-F56239D7D59D}" = HP Demo
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD9C3298-BB14-766D-3217-A4129C6BE401}" = Elf Bowling 7 - The Last Insult
"{B1C0D829-FE30-059E-E93F-CDC7A48235C0}" = FlipShare
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CA9483A2-742A-4A72-881D-B81C6B1ACB3E}" = Google SketchUp Pro 7
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D69F6DA9-46CF-3EFD-DC4B-9E38F75F5B10}" = Super Collapse 3
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA9DAC64-C947-47BA-B411-8A1959B177CF}" = LightScribe System Software 1.14.25.1
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E133E97F-5186-4503-BEC8-752EB9E8EBD7}" = Copy
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{EFC5939F-470F-454E-B3DA-F51FDD83F6CE}" = HP MediaSmart SmartMenu
"{F05A5232-CE5E-4274-AB27-44EB8105898D}" = CA Pest Patrol Realtime Protection
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1B993AF-70F6-432F-9FA2-59E4DFB9CCE6}" = Dynex mini card reader
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"Akamai" = Akamai NetSession Interface
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"am-chuzzledeluxe" = Chuzzle Deluxe
"AutocompletePro2_is1" = AutocompletePro
"Bejeweled Twist" = Bejeweled Twist (remove only)
"BFGC" = Big Fish Games: Game Manager
"BFG-Luxor 3" = Luxor 3
"BFG-Luxor Amun Rising" = Luxor Amun Rising
"BFG-The Price is Right" = The Price is Right
"BFG-Vesuvia" = Vesuvia
"BFG-Zuma Deluxe" = Zuma Deluxe
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Chuzzle Deluxe" = Chuzzle Deluxe
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"Coffee Rush 2" = Coffee Rush 2 (remove only)
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"conduitEngine" = Conduit Engine
"Cool FLAC To MP3 Converter_is1" = Cool FLAC To MP3 Converter 1.0
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVD Shrink_is1" = DVD Shrink 3.2
"Elf Bowling 7 - The Last Insult" = Elf Bowling 7 - The Last Insult (remove only)
"ENTERPRISER" = Microsoft Office Enterprise 2007
"FinalMediaPlayer_is1" = Final Media Player 2010
"Fishing Craze" = Fishing Craze (remove only)
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"Free RAR Extract Frog" = Free RAR Extract Frog
"FreeFileViewer_is1" = Free File Viewer 2011
"HitmanPro35" = Hitman Pro 3.5
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"HPOCR" = OCR Software by I.R.I.S. 11.0
"ImgBurn" = ImgBurn
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{F1B993AF-70F6-432F-9FA2-59E4DFB9CCE6}" = Dynex mini card reader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"N360" = Norton 360
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"Secunia PSI" = Secunia PSI
"Shop for HP Supplies" = Shop for HP Supplies
"Super Collapse 3" = Super Collapse 3 (remove only)
"TigerCad_is1" = TigerCad version 3.001 Free
"Trusted Software Assistant_is1" = File Type Assistant
"UnityWebPlayer" = Unity Web Player
"vShare" = vShare Plugin
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"WildTangent hp Master Uninstall" = HP Games
"WTA-b41198c7-9179-4f03-8dd6-9da858111d57" = Zuma's Revenge
"WTA-d023bfca-52a9-43ed-be84-0c277b9b8466" = Chuzzle Deluxe
"xfin_portal" = XFINITY Toolbar
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"YTdetect" = Yahoo! Detect
"Zuma's Revenge - Adventure" = Zuma's Revenge - Adventure (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1172320911-825183721-1134377370-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.3.5.1
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/30/2012 12:38:24 AM | Computer Name = home-PC | Source = EventSystem | ID = 4609
Description =

Error - 1/30/2012 2:08:38 AM | Computer Name = home-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/30/2012 2:15:42 AM | Computer Name = home-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/30/2012 2:16:07 AM | Computer Name = home-PC | Source = EventSystem | ID = 4609
Description =

Error - 1/30/2012 2:33:06 AM | Computer Name = home-PC | Source = Perflib | ID = 1008
Description =

Error - 1/30/2012 2:33:06 AM | Computer Name = home-PC | Source = Perflib | ID = 1010
Description =

Error - 1/30/2012 2:33:10 AM | Computer Name = home-PC | Source = PerfNet | ID = 2004
Description =

Error - 1/30/2012 2:33:10 AM | Computer Name = home-PC | Source = Perflib | ID = 1008
Description =

Error - 1/30/2012 2:33:10 AM | Computer Name = home-PC | Source = Perflib | ID = 1010
Description =

Error - 1/30/2012 2:33:10 AM | Computer Name = home-PC | Source = Perflib | ID = 1008
Description =

[ OSession Events ]
Error - 4/29/2010 9:33:08 AM | Computer Name = home-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6504.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 425
seconds with 360 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 1/30/2012 2:15:43 AM | Computer Name = home-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 1/30/2012 2:15:43 AM | Computer Name = home-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 1/30/2012 2:15:43 AM | Computer Name = home-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 1/30/2012 2:15:43 AM | Computer Name = home-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 1/30/2012 2:15:43 AM | Computer Name = home-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 1/30/2012 2:15:58 AM | Computer Name = home-PC | Source = DCOM | ID = 10005
Description =

Error - 1/30/2012 2:16:07 AM | Computer Name = home-PC | Source = DCOM | ID = 10005
Description =

Error - 1/30/2012 2:16:08 AM | Computer Name = home-PC | Source = DCOM | ID = 10005
Description =

Error - 1/30/2012 2:16:12 AM | Computer Name = home-PC | Source = DCOM | ID = 10005
Description =

Error - 1/30/2012 2:19:47 AM | Computer Name = home-PC | Source = DCOM | ID = 10005
Description =


< End of report >


Thanks. Help if you can.

~T.H.



#2 SweetTech


Posted 31 January 2012 - 03:54 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Please download UnHide.exe by Grinler.

It will unhide folders/files that were set to be hidden by the infection you had.



NEXT:



OTL Fix

We need to run an OTL Fix

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successful execution of the script below.

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    O1 - Hosts: 80.79.117.219	www.google.com
    O1 - Hosts: 80.79.117.220	search.yahoo.com
    O1 - Hosts: 80.79.117.220	www.bing.com
    O4 - HKLM..\Run: [gOPYcVGVjRBj.exe] C:\ProgramData\gOPYcVGVjRBj.exe (Microsoft Corp)
    O4 - HKU\.DEFAULT..\Run: [QFHjnyOpVJm] C:\ProgramData\QFHjnyOpVJm.exe File not found
    O4 - HKU\S-1-5-18..\Run: [QFHjnyOpVJm] C:\ProgramData\QFHjnyOpVJm.exe File not found
    O4 - HKU\.DEFAULT..\RunOnce: [0] C:\Windows\TEMP\0.5397936357570874.exe File not found
    O4 - HKU\S-1-5-18..\RunOnce: [0] C:\Windows\TEMP\0.5397936357570874.exe File not found
    O4 - HKU\S-1-5-21-1172320911-825183721-1134377370-1000..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.21022; .NET CLR 3.5.30729; InfoPath.2; .NET CLR 1.1.4322; .NET CLR 3.0.30729; .NET4.0C)" -"http://games.yahoo.com/daily-games/wordsense" File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    [2012/01/29 22:26:58 | 000,000,000 | ---D | C] -- C:\Users\TTAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
    [2012/01/29 22:26:04 | 000,362,496 | ---- | C] (Microsoft Corp) -- C:\ProgramData\234.exe
    [2012/01/29 22:20:53 | 000,453,632 | -HS- | C] (Microsoft Corp) -- C:\ProgramData\gOPYcVGVjRBj.exe
    [2012/01/29 22:27:02 | 000,000,607 | ---- | M] () -- C:\Users\TTAL\Desktop\System Check.lnk
    [2012/01/29 22:26:55 | 000,000,336 | ---- | M] () -- C:\ProgramData\345.exe
    [2012/01/29 22:26:04 | 000,362,496 | ---- | M] (Microsoft Corp) -- C:\ProgramData\234.exe
    [2012/01/29 20:55:32 | 000,453,632 | -HS- | M] (Microsoft Corp) -- C:\ProgramData\gOPYcVGVjRBj.exe
    [2012/01/23 13:59:03 | 000,002,728 | ---- | M] () -- C:\{C5D299B2-66AD-4266-B8D3-D421758AD019}
    [2012/01/22 12:38:14 | 000,002,528 | ---- | M] () -- C:\{0E4A0ABC-BF9F-45D6-8C75-40C69725EFBE}
    [2012/01/05 09:20:25 | 000,000,928 | ---- | M] () -- C:\{5E90DE4B-58BE-4D3E-BB80-CF57A84E2090}
    [2012/01/29 22:27:02 | 000,000,607 | ---- | C] () -- C:\Users\TTAL\Desktop\System Check.lnk
    [2012/01/29 22:26:55 | 000,000,336 | ---- | C] () -- C:\ProgramData\345.exe
    [2012/01/23 13:59:02 | 000,002,728 | ---- | C] () -- C:\{C5D299B2-66AD-4266-B8D3-D421758AD019}
    [2012/01/22 12:38:14 | 000,002,528 | ---- | C] () -- C:\{0E4A0ABC-BF9F-45D6-8C75-40C69725EFBE}
    [2012/01/05 09:20:23 | 000,000,928 | ---- | C] () -- C:\{5E90DE4B-58BE-4D3E-BB80-CF57A84E2090}
    [2011/05/25 05:50:16 | 000,000,160 | ---- | C] () -- C:\ProgramData\~39115304r
    [2011/05/25 05:50:16 | 000,000,136 | ---- | C] () -- C:\ProgramData\~39115304
    [2011/05/25 05:50:06 | 000,000,344 | ---- | C] () -- C:\ProgramData\39115304
    @Alternate Data Stream - 94 bytes -> C:\ProgramData\Temp:C5E4F943
    @Alternate Data Stream - 195 bytes -> C:\ProgramData\Temp:A1D3FEF0
    @Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:1AE68282
    @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:9812B773
    @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:2A8A3140
    @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:BACB6B6C
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:A518B662
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:1095ECE1
    @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:571CCF8E
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:C10D19E3
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:FAC5BCF5
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:1D9ED8F7
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:89C6F032
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:5C5A503E
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:45FE2B4E
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:76A59E49
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:59846E5E
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:6D192E3A
    @Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:2EF63291
    
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Scanning with GMER

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.


Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

Notes:
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.



NEXT:



We need to remove a program. To do this please do the following:
  • Click Start
  • Go to Control Panel
  • Double click on Programs and Features
  • Find and click the Uninstall button to uninstall the following (if present):
  • Java™ 6 Update 7
  • Spybot - Search & Destroy <== Please remove this utility for the time being. It has a tendency to interfere with the fixes we will need to run, so it'll be easier if we remove it for the time being.
  • Microsoft Live Search Toolbar <== If you don't use it, then I suggest removing it.
  • Conduit Engine <== If you don't use it, then I suggest removing it.
  • Vuze Remote Toolbar <== If you don't use it, then I suggest removing it.
  • XFINITY Toolbar <== If you don't use it, then I suggest removing it.
  • Google Toolbar for Internet Explorer <== If you don't use it, then I suggest removing it.
  • Yahoo! Toolbar <== If you don't use it, then I suggest removing it.


NEXT:


Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. OTL Fix log.
3. GMER Log file.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Edited by SweetTech, 02 February 2012 - 04:24 AM.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
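
The fix script in the post above lists hosts-file entries, Run/RunOnce values, a Task Manager policy and freshly created files picked out of the OTL log. As an added example (not part of the original post, and not OTL's own logic), this Python sketch applies the same kind of triage to OTL-format lines. The rule names, the drop-folder list and the benign contrast lines are assumptions made for illustration.

```python
import ipaddress
import re
from pathlib import PureWindowsPath

# Constructed sample: lines taken from the fix script in this thread, plus a
# benign hosts entry and a benign Run entry (ExampleTray) added for contrast.
SAMPLE = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 80.79.117.219 www.google.com
O1 - Hosts: 80.79.117.220 search.yahoo.com
O4 - HKLM..\Run: [gOPYcVGVjRBj.exe] C:\ProgramData\gOPYcVGVjRBj.exe (Microsoft Corp)
O4 - HKLM..\Run: [ExampleTray] C:\Program Files\Example\tray.exe (Example Vendor)
O4 - HKU\.DEFAULT..\RunOnce: [0] C:\Windows\TEMP\0.5397936357570874.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
[2012/01/29 22:20:53 | 000,453,632 | -HS- | C] (Microsoft Corp) -- C:\ProgramData\gOPYcVGVjRBj.exe
[2012/01/29 22:27:02 | 000,000,607 | ---- | M] () -- C:\Users\TTAL\Desktop\System Check.lnk
"""

HOSTS = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
RUN = re.compile(r"^O4 - (\S+?)\.\.\\(Run(?:Once)?): \[(.+?)\] (.+?\.exe)", re.I)
POLICY = re.compile(r"^O6 - .*\\policies\\System: (Disable\w+) = 1", re.I)
FILE = re.compile(r"^\[[^|]+\| [\d,]+ \| (\S{4}) \| [CM]\] \(.*?\) -- (.+)$")

# Assumed heuristic: programs rarely install an .exe directly into these folders.
DROP_DIRS = {r"c:\programdata", r"c:\windows\temp"}

def in_drop_dir(path):
    """True when the file sits directly in one of the assumed drop folders."""
    return str(PureWindowsPath(path).parent).lower() in DROP_DIRS

def is_local(ip):
    """True for loopback or unspecified addresses, the usual benign hosts targets."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparsable address: report it for review
    return addr.is_loopback or addr.is_unspecified

def triage(log_text):
    """Return (rule, detail) pairs for log lines worth a human look."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        if m := HOSTS.match(line):
            ip, host = m.groups()
            if not is_local(ip):
                findings.append(("hosts-redirect", f"{host} -> {ip}"))
        elif m := RUN.match(line):
            hive, key, name, path = m.groups()
            if in_drop_dir(path):
                findings.append(("autorun-from-drop-dir", f"{hive} {key} [{name}] {path}"))
        elif m := POLICY.match(line):
            findings.append(("policy-lockout", m.group(1)))
        elif m := FILE.match(line):
            attrs, path = m.groups()
            if path.lower().endswith(".exe") and in_drop_dir(path) and {"H", "S"} <= set(attrs):
                findings.append(("hidden-system-exe", path))
    return findings

if __name__ == "__main__":
    for rule, detail in triage(SAMPLE):
        print(f"{rule:24} {detail}")
```

A non-loopback hosts entry or a program in one of these folders is a reason to look closer, not proof of infection; legitimate overrides and installers can trip the same rules.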


#3 SweetTech


Posted 03 February 2012 - 03:58 AM

Due to lack of feedback this thread will now be closed. If you still require assistance, and would like to have your thread re-opened, please feel free to send me a Private Message (PM) being sure to include a link to your topic, and I'd be happy to re-open it.

