
Happili infection



#1 KathyAZ


Posted 24 June 2012 - 10:11 AM

Yesterday my browser started getting hijacked. I ran a Sophos scan (my normal antivirus software) and it found nothing. Malwarebytes told me I had the Happili virus and "removed" it, but it was still there. Ditto for Avast! Free software. Please help me get rid of this!

Below is my log file

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Kathleen at 7:59:36 on 2012-06-24
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8149.6754 [GMT -7:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Sophos Anti-Virus *Disabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C}
AV: Panda Cloud Antivirus *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Panda Cloud Antivirus *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Sophos Anti-Virus *Disabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\atashost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://eller.arizona.edu/
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Microsoft] rundll32.exe "C:\Users\Kathleen\AppData\Local\Microsoft Help\Microsoft\zgevpepmw.dll",CreateInstance
mRun: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [<NO NAME>]
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [PSUNMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce: [GrpConv] grpconv -o
dRun: [Microsoft] rundll32.exe "C:\Users\Kathleen\AppData\Local\Microsoft Help\Microsoft\zgevpepmw.dll",CreateInstance
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CLOUDM~1.LNK - C:\Program Files (x86)\Cloudmark\Desktop\Service\cdswin.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://trs.webex.com/client/T27L10NSP11EP8-trs/support/ieatgpc1.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{E8A13B78-8432-4DFE-A561-C3AC489BB0B4} : DhcpNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Sophos Web Content Scanner: {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
BHO-X64: Panda Security Toolbar - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [(Default)]
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [PSUNMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce-x64: [GrpConv] grpconv -o
AppInit_DLLs-X64: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kathleen\AppData\Roaming\Mozilla\Firefox\Profiles\hbxkagja.default\
FF - prefs.js: browser.search.selectedEngine - Panda Safe Search
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2011-10-13 43912]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
S1 PSINKNC;PSINKNC;C:\Windows\system32\DRIVERS\psinknc.sys --> C:\Windows\system32\DRIVERS\psinknc.sys [?]
S1 SAVOnAccess;SAVOnAccess;C:\Windows\system32\DRIVERS\savonaccess.sys --> C:\Windows\system32\DRIVERS\savonaccess.sys [?]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-6-23 44768]
S2 BrcmMgmtAgent;Broadcom Management Agent;C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2010-6-29 158720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 NanoServiceMain;Panda Cloud Antivirus Service;C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2011-4-28 140608]
S2 PSINAflt;PSINAflt;C:\Windows\system32\DRIVERS\PSINAflt.sys --> C:\Windows\system32\DRIVERS\PSINAflt.sys [?]
S2 PSINFile;PSINFile;C:\Windows\system32\DRIVERS\PSINFile.sys --> C:\Windows\system32\DRIVERS\PSINFile.sys [?]
S2 PSINProc;PSINProc;C:\Windows\system32\DRIVERS\PSINProc.sys --> C:\Windows\system32\DRIVERS\PSINProc.sys [?]
S2 PSINProt;PSINProt;C:\Windows\system32\DRIVERS\PSINProt.sys --> C:\Windows\system32\DRIVERS\PSINProt.sys [?]
S2 SAVAdminService;Sophos Anti-Virus status reporter;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2011-6-21 163056]
S2 SAVService;Sophos Anti-Virus;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2011-6-21 97520]
S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-5-30 3048136]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [2012-5-9 232472]
S2 swi_service;Sophos Web Intelligence Service;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2012-3-8 1543704]
S2 WebUpdate4;Web Update Wizard Service V4;C:\Windows\SysWOW64\WebUpdateSvc4.exe [2007-6-25 229592]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-21 129976]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 sdcfilter;sdcfilter;C:\Windows\system32\DRIVERS\sdcfilter.sys --> C:\Windows\system32\DRIVERS\sdcfilter.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 SophosBootDriver;SophosBootDriver;C:\Windows\system32\DRIVERS\SophosBootDriver.sys --> C:\Windows\system32\DRIVERS\SophosBootDriver.sys [?]
.
=============== Created Last 30 ================
.
2012-06-24 00:01:02 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-06-24 00:00:33 41184 ----a-w- C:\Windows\avastSS.scr
2012-06-24 00:00:20 -------- d-----w- C:\ProgramData\AVAST Software
2012-06-24 00:00:20 -------- d-----w- C:\Program Files\AVAST Software
2012-06-23 21:44:20 -------- d-----w- C:\Users\Kathleen\AppData\Roaming\Panda Security
2012-06-23 21:44:07 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2012-06-23 21:44:05 -------- d-----w- C:\Users\Kathleen\AppData\Local\panda2_0dn
2012-06-23 21:43:58 -------- d-----w- C:\ProgramData\Panda Security URL Filtering
2012-06-23 21:42:59 -------- d-----w- C:\ProgramData\Panda Security
2012-06-23 21:42:59 -------- d-----w- C:\Program Files (x86)\Panda Security
2012-06-23 21:42:36 -------- d-----w- C:\temp
2012-06-23 21:38:47 -------- d-----w- C:\Windows\System32\appmgmt
2012-06-23 21:30:17 -------- d-----w- C:\Users\Kathleen\AppData\Roaming\Malwarebytes
2012-06-23 21:30:11 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-23 21:30:10 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-23 21:30:09 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-23 21:15:44 -------- d-----w- C:\Users\Kathleen\AppData\Roaming\SpeedMaxPc
2012-06-23 21:15:44 -------- d-----w- C:\Users\Kathleen\AppData\Roaming\DriverCure
2012-06-23 21:15:34 -------- d-----w- C:\ProgramData\SpeedMaxPc
2012-06-22 13:11:43 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{46FF4812-3225-4157-A890-AC1298CE073A}\mpengine.dll
2012-06-20 15:36:53 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-06-20 15:36:53 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-06-19 14:11:04 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-19 14:10:48 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-19 14:10:34 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-19 14:10:34 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-17 00:25:10 -------- d-----w- C:\Users\Kathleen\AppData\Local\Google
2012-06-15 03:40:20 -------- d-----w- C:\Program Files\iPod
2012-06-15 03:40:19 -------- d-----w- C:\Program Files\iTunes
2012-06-15 03:40:19 -------- d-----w- C:\Program Files (x86)\iTunes
2012-06-15 03:37:05 -------- d-----w- C:\Program Files\SAS
2012-06-15 03:27:32 -------- d-----w- C:\Program Files\SASHome
2012-06-15 01:49:51 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-06-15 01:10:11 57344 ----a-w- C:\Windows\SysWow64\MFC71ENU.DLL
2012-06-13 22:24:29 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-06 19:17:22 -------- d-----w- C:\Users\Kathleen\AppData\Local\assembly
2012-06-06 19:14:51 -------- d-----w- C:\Users\Kathleen\AppData\Roaming\Cloudmark
2012-06-06 19:13:56 -------- d-----w- C:\ProgramData\Cloudmark
2012-06-06 19:13:56 -------- d-----w- C:\Program Files\Cloudmark
2012-05-31 03:52:59 11776 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
2012-05-31 03:52:46 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2012-05-31 03:52:36 150696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2012-05-31 03:52:28 129144 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
2012-05-30 20:59:30 4966600 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-05-29 19:16:49 -------- d-----w- C:\Windows\Offline Address Books
.
==================== Find3M ====================
.
2012-06-13 23:37:19 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-13 23:37:19 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-05 02:16:57 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-19 03:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 03:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 8:00:00.83 ===============

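As an added example (not part of the original posts and not a tool used in this thread), the following Python triages the autorun lines of a DDS log like the one in post #1: it flags Run values where rundll32 loads a DLL from a user-profile path, Run values with no command, and `EnableLUA = 0` (UAC turned off). The sample lines are copied from that log; the rule names, hive labels and path heuristics are this example's assumptions, and a flag marks an entry for review, not a verdict.

```python
import re
from dataclasses import dataclass

# Sample input: lines copied from the "Pseudo HJT Report" section of the log above.
SAMPLE_LOG = r'''
uRun: [Microsoft] rundll32.exe "C:\Users\Kathleen\AppData\Local\Microsoft Help\Microsoft\zgevpepmw.dll",CreateInstance
mRun: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [<NO NAME>]
mRunOnce: [GrpConv] grpconv -o
dRun: [Microsoft] rundll32.exe "C:\Users\Kathleen\AppData\Local\Microsoft Help\Microsoft\zgevpepmw.dll",CreateInstance
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mPolicies-system: EnableLUA = 0 (0x0)
'''

# DDS prefix letters; the hive labels are this example's reading of them (assumption).
HIVES = {"u": "current user", "m": "machine", "d": "default user"}

RUN_LINE = re.compile(
    r'^(?P<hive>[umd])Run(?:Once)?(?P<x64>-x64)?: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
POLICY_LINE = re.compile(r'^mPolicies-system: (?P<name>\w+) = (?P<value>\d+)\b')
# Heuristic (assumption): locations a standard user can write to.
USER_WRITABLE = re.compile(r'\\users\\[^\\]+\\appdata\\|\\temp\\', re.I)
# Unquoted paths may contain spaces, so cut at the first executable extension.
EXE_PREFIX = re.compile(r'(.+?\.(?:exe|com|bat|cmd|scr))(?:\s+(.*))?$', re.I)


@dataclass(frozen=True)
class Finding:
    rule: str    # hypothetical rule name used by this example
    hive: str
    name: str    # registry value name as printed by DDS
    target: str  # file the entry would load, if any


def split_command(cmd):
    """Split an autorun command into (executable, remaining arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:
            return cmd[1:], ""
        return cmd[1:end], cmd[end + 1:].strip()
    m = EXE_PREFIX.match(cmd)
    if m:
        return m.group(1), m.group(2) or ""
    parts = cmd.split(None, 1)
    return parts[0], parts[1] if len(parts) > 1 else ""


def rundll32_dll(rest):
    """rundll32 is called as '<dll>,<export>'; return the DLL path."""
    rest = rest.strip()
    if rest.startswith('"'):
        end = rest.find('"', 1)
        return rest[1:end] if end != -1 else rest[1:]
    return rest.split(",", 1)[0].strip()


def triage(log_text):
    """Return a list of Finding objects for the autorun and policy lines."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        pol = POLICY_LINE.match(line)
        if pol:
            if pol["name"] == "EnableLUA" and pol["value"] == "0":
                findings.append(Finding("uac-disabled", "machine", "EnableLUA", "0"))
            continue
        m = RUN_LINE.match(line)
        if not m:
            continue
        hive = HIVES[m["hive"]] + (" x64" if m["x64"] else "")
        cmd = m["cmd"].strip()
        if not cmd:
            findings.append(Finding("empty-value", hive, m["name"], ""))
            continue
        exe, rest = split_command(cmd)
        base = exe.lower().rsplit("\\", 1)[-1]
        if base in ("rundll32.exe", "rundll32"):
            dll = rundll32_dll(rest)
            if USER_WRITABLE.search(dll):
                findings.append(Finding("rundll32-user-dll", hive, m["name"], dll))
        elif USER_WRITABLE.search(exe):
            findings.append(Finding("user-writable-exe", hive, m["name"], exe))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:18} {f.hive:13} [{f.name}] {f.target}")
```
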

 


#2 fireman4it (Bleepin' Fireman, Malware Response Team)

Posted 24 June 2012 - 11:26 AM

Hello KathyAZ,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 fireman4it


Posted 24 June 2012 - 11:30 AM

Hello,


Please run the following tools and post their logs.

1.
I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to Add/Remove in the Control Panel and remove 2 of the following: avast! Antivirus and/or Sophos Anti-Virus and/or Panda Cloud Antivirus.


2.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

3.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


Things to include in your next reply:
TdssKiller log
Combofix.txt
How is your machine running now?



#4 KathyAZ


Posted 24 June 2012 - 12:24 PM

Sophos is my normal anti virus that is provided by my IT group. I added Panda and Avast yesterday in trying to detect the virus because Sophos wasn't detecting it. I'll delete them now. In doing this stuff, should I run the computer in safe mode, or can I run it in normal mode?

#5 KathyAZ


Posted 24 June 2012 - 01:01 PM

TDSS killer didn't find anything, so there was no log.

I disabled Sophos per the instruction in your message, but I'm not sure it worked, because when I went and ran ComboFix, I got a message from Sophos saying, "'Suspicious behavior' HIPS/RegMod-12 has been detected and moved to quarantine." ComboFix did appear to run that, so I've attached the log file that was produced.

I've tried a couple of browser searches that were hijacked earlier, and they didn't seem to get hijacked this time.

#6 KathyAZ

Posted 24 June 2012 - 01:16 PM

I spoke too soon. I'm still getting hijacked.

#7 KathyAZ

Posted 24 June 2012 - 05:38 PM

Hmmm...It doesn't look like the ComboFix log got attached in the earlier email. Here it is.


#8 fireman4it

Posted 24 June 2012 - 05:52 PM

Hello,

1.
Are you connected to the internet through a router? If so we need to reset that router.
How to Reset your Router.


2.
Download the yorkyt.exe disinfection tool (1,31 MB).

Save the file to your hard disk; to the Windows Desktop, for example.
Double click the yorkyt.exe file.
A reboot will be requested to install a driver.
Another reboot will be requested to complete the disinfection.
When the disinfection is completed, accept the message that will be displayed.
In order to ensure a full cleanup, run a scan of your PC with the antivirus installed.


3.
  • Download RogueKiller to the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, click Scan
  • A report should open; give its contents to your helper. (RKreport can also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


4.
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


Things to include in your next reply:
RogueKiller log
yorkyt.exe log
aswMBR log
Still redirecting? Is it redirecting in all browsers? Google Chrome? Internet Explorer? Firefox?


#9 KathyAZ

Posted 24 June 2012 - 07:15 PM

I don't have a wireless router, but I reset my cable telephony modem before I continued.

I didn't get the request to install a driver when I used the yorkyt tool, but it did ask for a reboot to complete disinfection.

I ran Sophos, and it detected a NirCmd PUA or adware, but that was it.

Attached are all of the logs.


#10 KathyAZ

Posted 24 June 2012 - 07:23 PM

I'm still getting redirected in both IE and Mozilla, to a site hinia.zyns.com. In Mozilla, it comes up as "Butterfly search engine." Sophos is at least blocking these sites now and telling me they are dangerous, which it wasn't before.

#11 fireman4it

Posted 24 June 2012 - 09:19 PM

1. Please download OTL from one of the following mirrors:
  • This is THE Mirror
2. Save it to your desktop.
3. Double click on the OTL icon on your desktop.
4. Under the Custom Scan box paste this in:
    c:\windows\*. /SL
    c:\windows\*. /RP
    netsvcs
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
5. Push the Quick Scan button.
6. Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized


#12 KathyAZ

Posted 24 June 2012 - 09:30 PM

OTL.txt:
OTL logfile created on: 6/24/2012 7:22:30 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Kathleen\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.96 Gb Total Physical Memory | 6.20 Gb Available Physical Memory | 77.92% Memory free
15.91 Gb Paging File | 13.64 Gb Available in Paging File | 85.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 302.46 Gb Free Space | 64.95% Space Free | Partition Type: NTFS

Computer Name: MH315J-KAHLEHOM | User Name: Kathleen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/24 19:21:43 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Kathleen\Desktop\OTL.exe
PRC - [2012/06/24 16:12:12 | 001,521,152 | ---- | M] () -- C:\Users\Kathleen\Desktop\RogueKiller.exe
PRC - [2012/05/09 08:26:14 | 000,232,472 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
PRC - [2012/03/08 06:44:06 | 001,543,704 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/13 14:05:15 | 000,043,912 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\SysWOW64\atashost.exe
PRC - [2011/06/21 16:33:39 | 000,439,536 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
PRC - [2011/06/21 16:33:14 | 000,163,056 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2011/06/21 16:25:29 | 000,097,520 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2010/11/17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007/06/25 09:19:10 | 000,229,592 | ---- | M] (Data Perceptions / PowerProgrammer) -- C:\Windows\SysWOW64\WebUpdateSvc4.exe


========== Modules (No Company Name) ==========

MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/06/29 16:12:20 | 000,158,720 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -- (BrcmMgmtAgent)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/05/30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/05/21 08:02:12 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/09 08:26:14 | 000,232,472 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2012/03/08 06:44:06 | 001,543,704 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/18 14:35:35 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/13 14:05:15 | 000,043,912 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
SRV - [2011/06/23 20:08:16 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/06/21 16:33:14 | 000,163,056 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2011/06/21 16:25:29 | 000,097,520 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/06/25 09:19:10 | 000,229,592 | ---- | M] (Data Perceptions / PowerProgrammer) [Auto | Running] -- C:\Windows\SysWOW64\WebUpdateSvc4.exe -- (WebUpdate4)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/20 16:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel®
DRV:64bit: - [2011/06/21 16:33:23 | 000,142,328 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess)
DRV:64bit: - [2011/06/21 16:25:32 | 000,025,592 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdcfilter.sys -- (sdcfilter)
DRV:64bit: - [2011/06/21 16:25:25 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/19 10:34:26 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/11/19 10:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/10/19 10:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/10/04 15:39:18 | 001,980,648 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTDVHD64.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV:64bit: - [2010/09/03 10:40:24 | 000,104,960 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\basp.sys -- (Blfp)
DRV:64bit: - [2010/03/23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010/02/08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/11/16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eller.arizona.edu/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\..\SearchScopes,DefaultScope = {1A42C5B6-AA91-444B-B9BF-D6B351DCC83D}
IE - HKCU\..\SearchScopes\{1A42C5B6-AA91-444B-B9BF-D6B351DCC83D}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bitmanagement.com/BS Contact: C:\Program Files (x86)\Bitmanagement Software\BS Contact\npBSContact.dll File not found
FF - HKLM\Software\MozillaPlugins\@bitmanagement.com/BSVersion,version=1.006: C:\Program Files (x86)\Bitmanagement Software\BS Contact\npBSVersion_6.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bitmanagement.com/BS Contact: C:\Program Files (x86)\Bitmanagement Software\BS Contact\npBSContact.dll File not found
FF - HKCU\Software\MozillaPlugins\@bitmanagement.com/BSVersion,version=1.006: C:\Program Files (x86)\Bitmanagement Software\BS Contact\npBSVersion_6.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/30 20:52:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/14 20:35:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/14 20:35:17 | 000,000,000 | ---D | M]

[2011/06/21 16:38:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathleen\AppData\Roaming\mozilla\Extensions
[2012/06/24 10:26:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathleen\AppData\Roaming\mozilla\Firefox\Profiles\hbxkagja.default\extensions
[2012/06/14 18:49:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/13 05:41:21 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/14 18:49:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[1832/11/28 21:51:36 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\KATHLEEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HBXKAGJA.DEFAULT\EXTENSIONS\EZADBKLLGT@EZADBKLLGT.ORG.XPI
[2012/05/21 08:02:12 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/03/18 11:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 11:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/05/30 20:52:28 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2011/12/31 09:56:17 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/31 09:56:17 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: YouTube = C:\Users\Kathleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Kathleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: avast! WebRep = C:\Users\Kathleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Kathleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Skype Click to Call = C:\Users\Kathleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10201_0\
CHR - Extension: Gmail = C:\Users\Kathleen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/06/24 10:49:57 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHOX64.dll (Sophos Plc)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SASSystemPrep] D:\setup.exe -lang en -order 99CKR7 File not found
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.home] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.home.apac] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.home.emea] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.home.noam] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.sharepoint] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.sharepoint.apac] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.sharepoint.emea] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.sharepoint.noam] https in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab (iCloud Web App Plugin)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://trs.webex.com/client/T27L10NSP11EP8-trs/support/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8A13B78-8432-4DFE-A561-C3AC489BB0B4}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll (Sophos Plc)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {4337E68C-FCAA-E75F-FDE3-97DB4FE374A7} - Browser Customizations
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/24 19:21:42 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Kathleen\Desktop\OTL.exe
[2012/06/24 17:03:19 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Kathleen\Desktop\aswMBR.exe
[2012/06/24 17:01:14 | 000,000,000 | ---D | C] -- C:\Users\Kathleen\Desktop\RK_Quarantine
[2012/06/24 16:03:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/24 10:43:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/24 10:43:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/24 10:43:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/24 10:43:04 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/24 10:41:29 | 004,567,243 | R--- | C] (Swearware) -- C:\Users\Kathleen\Desktop\ComboFix.exe
[2012/06/24 10:35:24 | 000,000,000 | ---D | C] -- C:\Users\Kathleen\Desktop\tdsskiller
[2012/06/24 07:58:48 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Kathleen\Desktop\dds.scr
[2012/06/23 17:01:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/06/23 17:01:00 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/06/23 17:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/06/23 17:00:20 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/06/23 14:44:20 | 000,000,000 | ---D | C] -- C:\Users\Kathleen\AppData\Roaming\Panda Security
[2012/06/23 14:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2012/06/23 14:42:36 | 000,000,000 | ---D | C] -- C:\temp
[2012/06/23 14:38:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012/06/23 14:30:17 | 000,000,000 | ---D | C] -- C:\Users\Kathleen\AppData\Roaming\Malwarebytes
[2012/06/23 14:30:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/23 14:30:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/23 14:30:10 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/23 14:30:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/23 14:15:44 | 000,000,000 | ---D | C] -- C:\Users\Kathleen\AppData\Roaming\SpeedMaxPc
[2012/06/23 14:15:44 | 000,000,000 | ---D | C] -- C:\Users\Kathleen\AppData\Roaming\DriverCure
[2012/06/23 14:15:34 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedMaxPc
[2012/06/16 17:25:10 | 000,000,000 | ---D | C] -- C:\Users\Kathleen\AppData\Local\Google
[2012/06/14 20:40:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/14 20:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/14 20:40:19 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/14 20:40:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/06/14 20:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAS
[2012/06/14 20:37:05 | 000,000,000 | ---D | C] -- C:\Program Files\SAS
[2012/06/14 20:37:04 | 000,000,000 | ---D | C] -- C:\Users\Kathleen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SAS
[2012/06/14 20:35:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/06/14 20:35:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/06/14 20:27:32 | 000,000,000 | ---D | C] -- C:\Program Files\SASHome
[2012/06/06 12:17:22 | 000,000,000 | ---D | C] -- C:\Users\Kathleen\AppData\Local\assembly
[2012/06/06 12:14:51 | 000,000,000 | ---D | C] -- C:\Users\Kathleen\AppData\Roaming\Cloudmark
[2012/06/06 12:13:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cloudmark
[2012/06/06 12:13:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Cloudmark
[2012/06/06 12:13:56 | 000,000,000 | ---D | C] -- C:\Program Files\Cloudmark
[2012/05/30 20:52:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012/05/30 20:52:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2012/05/29 12:16:49 | 000,000,000 | ---D | C] -- C:\Windows\Offline Address Books
[13 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/24 19:21:43 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Kathleen\Desktop\OTL.exe
[2012/06/24 19:20:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/24 17:11:25 | 000,000,512 | ---- | M] () -- C:\Users\Kathleen\Desktop\MBR.dat
[2012/06/24 17:03:22 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Kathleen\Desktop\aswMBR.exe
[2012/06/24 16:12:12 | 001,521,152 | ---- | M] () -- C:\Users\Kathleen\Desktop\RogueKiller.exe
[2012/06/24 16:11:02 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/24 16:11:02 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/24 16:09:49 | 000,733,190 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/24 16:09:49 | 000,628,998 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/24 16:09:49 | 000,107,976 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/24 16:03:18 | 2113,703,935 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/24 16:01:04 | 001,415,784 | ---- | M] () -- C:\Users\Kathleen\Desktop\yorkyt.exe
[2012/06/24 10:49:57 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/24 10:41:37 | 004,567,243 | R--- | M] (Swearware) -- C:\Users\Kathleen\Desktop\ComboFix.exe
[2012/06/24 10:34:59 | 002,109,806 | ---- | M] () -- C:\Users\Kathleen\Desktop\tdsskiller.zip
[2012/06/24 07:58:48 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Kathleen\Desktop\dds.scr
[2012/06/24 07:57:33 | 000,000,000 | ---- | M] () -- C:\Users\Kathleen\defogger_reenable
[2012/06/24 07:56:55 | 000,050,477 | ---- | M] () -- C:\Users\Kathleen\Desktop\Defogger.exe
[2012/06/24 07:00:18 | 001,012,656 | ---- | M] () -- C:\Users\Kathleen\Desktop\rkill.exe
[2012/06/23 21:00:00 | 000,000,542 | ---- | M] () -- C:\Windows\tasks\New scheduled scan.job
[2012/06/23 17:01:02 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/06/23 14:11:52 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/06/20 11:47:41 | 000,002,050 | -H-- | M] () -- C:\Users\Kathleen\Documents\Default.rdp
[2012/06/18 17:26:19 | 000,635,497 | ---- | M] () -- C:\Users\Kathleen\Desktop\RoF-2333-1-manuscript.pdf
[2012/06/14 20:49:26 | 000,747,542 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/14 20:40:47 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/14 20:19:52 | 000,496,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/06 12:13:59 | 000,001,152 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Cloudmark DesktopOne.lnk
[2012/05/30 20:52:23 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll

========== Files Created - No Company Name ==========

[2012/06/24 17:11:25 | 000,000,512 | ---- | C] () -- C:\Users\Kathleen\Desktop\MBR.dat
[2012/06/24 16:12:12 | 001,521,152 | ---- | C] () -- C:\Users\Kathleen\Desktop\RogueKiller.exe
[2012/06/24 16:01:04 | 001,415,784 | ---- | C] () -- C:\Users\Kathleen\Desktop\yorkyt.exe
[2012/06/24 10:43:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/24 10:43:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/24 10:43:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/24 10:43:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/24 10:43:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/24 10:34:53 | 002,109,806 | ---- | C] () -- C:\Users\Kathleen\Desktop\tdsskiller.zip
[2012/06/24 07:57:33 | 000,000,000 | ---- | C] () -- C:\Users\Kathleen\defogger_reenable
[2012/06/24 07:56:55 | 000,050,477 | ---- | C] () -- C:\Users\Kathleen\Desktop\Defogger.exe
[2012/06/24 07:00:18 | 001,012,656 | ---- | C] () -- C:\Users\Kathleen\Desktop\rkill.exe
[2012/06/23 17:01:01 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/06/23 14:11:52 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/06/18 08:43:29 | 000,635,497 | ---- | C] () -- C:\Users\Kathleen\Desktop\RoF-2333-1-manuscript.pdf
[2012/06/14 20:40:47 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/06 12:13:59 | 000,001,152 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Cloudmark DesktopOne.lnk
[2012/03/02 19:33:43 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini
[2012/03/02 19:32:48 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
[2012/03/02 19:32:48 | 000,000,142 | ---- | C] () -- C:\Windows\wpd99.drv
[2011/08/01 15:16:55 | 000,186,086 | ---- | C] () -- C:\Users\Kathleen\dictionary.jar
[2011/08/01 15:16:54 | 000,000,123 | ---- | C] () -- C:\Users\Kathleen\EditLiveForJava.ini
[2011/06/23 20:21:10 | 000,000,292 | ---- | C] () -- C:\ProgramData\LastUpdate.xml
[2011/06/23 20:21:10 | 000,000,031 | ---- | C] () -- C:\Windows\WebUpdateSvc4.INI
[2011/06/23 20:19:59 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\wuwuninst.exe
[2011/06/23 13:23:23 | 000,747,542 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/21 16:27:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/06/21 14:55:55 | 000,000,793 | ---- | C] () -- C:\Windows\{D34D89A7-F2AE-4004-B861-E7E7039F6FD0}_WiseFW.ini
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2012/05/11 15:32:31 | 000,000,000 | ---D | M] -- C:\Users\Kathleen\AppData\Roaming\Canon
[2012/06/06 12:14:54 | 000,000,000 | ---D | M] -- C:\Users\Kathleen\AppData\Roaming\Cloudmark
[2012/06/23 14:15:44 | 000,000,000 | ---D | M] -- C:\Users\Kathleen\AppData\Roaming\DriverCure
[2012/06/23 14:44:20 | 000,000,000 | ---D | M] -- C:\Users\Kathleen\AppData\Roaming\Panda Security
[2012/03/02 19:33:45 | 000,000,000 | ---D | M] -- C:\Users\Kathleen\AppData\Roaming\pdf995
[2011/09/29 10:52:35 | 000,000,000 | ---D | M] -- C:\Users\Kathleen\AppData\Roaming\SAS
[2012/06/23 14:15:44 | 000,000,000 | ---D | M] -- C:\Users\Kathleen\AppData\Roaming\SpeedMaxPc
[2011/10/14 11:21:58 | 000,000,000 | ---D | M] -- C:\Users\Kathleen\AppData\Roaming\SSH
[2011/06/23 20:30:05 | 000,000,000 | ---D | M] -- C:\Users\Kathleen\AppData\Roaming\Stata10
[2012/02/13 17:25:28 | 000,000,000 | ---D | M] -- C:\Users\Kathleen\AppData\Roaming\TaxCut
[2012/06/23 21:00:00 | 000,000,542 | ---- | M] () -- C:\Windows\Tasks\New scheduled scan.job
[2012/04/09 06:46:50 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< c:\windows\*. /SL >

< c:\windows\*. /RP >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011/06/23 21:08:14 | 000,000,000 | ---D | M] -- C:\Users\Kathleen\AppData\Roaming\Adobe
[2012/04/10 06:49:31 | 000,000,000 | ---D | M] -- C:\Users\Kathleen\AppData\Roaming\Apple Computer
[2012/05/11 15:32:31 | 000,000,000 | ---D | M] -- C:\Users\Kathleen\AppData\Roaming\Canon
[2012/06/06 12:14:54 | 000,000,000 | ---D | M] -- C:\Users\Kathleen\AppData\Roaming\Cloudmark
[2012/06/23 14:15:44 | 000,000,000 | ---D | M] -- C:\Users\Kathleen\AppData\Roaming\DriverCure
[2012/01/16 11:00:24 | 000,000,000 | ---D | M] -- C:\Users\Kathleen\AppData\Roaming\Help
[2011/06/21 14:41:28 | 000,000,000 | ---D | M] -- C:\Users\Kathleen\AppData\Roaming\Identities
[2011/06/21 16:57:51 | 000,000,000 | ---D | M] -- C:\Users\Kathleen\AppData\Roaming\Macromedia
[2012/06/23 14:30:17 | 000,000,000 | ---D | M] -- C:\Users\Kathleen\AppData\Roaming\Malwarebytes
[2009/07/14 00:45:37 | 000,000,000 | ---D | M] -- C:\Users\Kathleen\AppData\Roaming\Media Center Programs
[2012/03/11 17:45:56 | 000,000,000 | --SD | M] -- C:\Users\Kathleen\AppData\Roaming\Microsoft
[2011/06/21 16:38:57 | 000,000,000 | ---D | M] -- C:\Users\Kathleen\AppData\Roaming\Mozilla
[2012/06/23 14:44:20 | 000,000,000 | ---D | M] -- C:\Users\Kathleen\AppData\Roaming\Panda Security
[2012/03/02 19:33:45 | 000,000,000 | ---D | M] -- C:\Users\Kathleen\AppData\Roaming\pdf995
[2011/12/02 13:12:01 | 000,000,000 | ---D | M] -- C:\Users\Kathleen\AppData\Roaming\Real
[2011/09/29 10:52:35 | 000,000,000 | ---D | M] -- C:\Users\Kathleen\AppData\Roaming\SAS
[2012/06/17 18:31:28 | 000,000,000 | ---D | M] -- C:\Users\Kathleen\AppData\Roaming\Skype
[2012/06/23 14:15:44 | 000,000,000 | ---D | M] -- C:\Users\Kathleen\AppData\Roaming\SpeedMaxPc
[2011/10/14 11:21:58 | 000,000,000 | ---D | M] -- C:\Users\Kathleen\AppData\Roaming\SSH
[2011/06/23 20:30:05 | 000,000,000 | ---D | M] -- C:\Users\Kathleen\AppData\Roaming\Stata10
[2012/02/13 17:25:28 | 000,000,000 | ---D | M] -- C:\Users\Kathleen\AppData\Roaming\TaxCut
[2011/09/15 11:00:13 | 000,000,000 | ---D | M] -- C:\Users\Kathleen\AppData\Roaming\U3

< %APPDATA%\*.exe /s >
[2012/05/27 12:03:49 | 000,315,544 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Kathleen\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\rnupgagent.exe
[2012/05/27 15:04:42 | 027,387,328 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Kathleen\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\stub_data\RealPlayer.exe
[2012/05/27 15:03:53 | 000,692,480 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Kathleen\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\stub_exe\RealPlayer.exe

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2011/06/23 09:17:04 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2011/06/23 09:17:04 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2012/05/17 15:48:40 | 009,737,728 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >

< End of report >


Extras.txt:

OTL Extras logfile created on: 6/24/2012 7:22:30 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Kathleen\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.96 Gb Total Physical Memory | 6.20 Gb Available Physical Memory | 77.92% Memory free
15.91 Gb Paging File | 13.64 Gb Available in Paging File | 85.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 302.46 Gb Free Space | 64.95% Space Free | Partition Type: NTFS

Computer Name: MH315J-KAHLEHOM | User Name: Kathleen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F29C8E5-5810-4BF6-862B-5F0E2FC3D72B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{115FD81D-87FE-4F9E-A1C0-B15BB1B51A4A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1FC8B38B-9C70-4013-A5EA-7407D79B8969}" = rport=138 | protocol=17 | dir=out | app=system |
"{224F3D49-2B1B-489F-A5A2-F2EF1D9E9AE0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3B3F7470-AAAA-4E56-BEDA-ED791C5A6BB3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{400ABD66-72CD-4558-B6A5-1AD8C3788D44}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{55DAED57-6AF0-4A6D-9B30-ACE05FF77CAF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5D22F038-A02F-4DD1-BF58-D516261D1077}" = rport=137 | protocol=17 | dir=out | app=system |
"{5FD9B78F-80A8-4964-84F3-62EF7BB50A71}" = lport=445 | protocol=6 | dir=in | app=system |
"{7CC7D409-7FE5-4898-963F-3FF37E837D97}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7D7DCE7A-7083-4990-8F5D-C2727BD630A7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7E198329-FE37-4533-93E2-E1A9045F6CCC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{96D4AC8C-B40F-4BA5-8F32-58A005559EF4}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9A5BA125-ED73-44FC-B9C7-5DFF4CFCFAF5}" = rport=445 | protocol=6 | dir=out | app=system |
"{9F4F6C9D-FAE4-4303-B955-C9998C1D6CC7}" = lport=138 | protocol=17 | dir=in | app=system |
"{A062E966-0D95-4342-BFC4-14998F4419DB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A8E8807A-9DD3-4EED-BD33-D36CF06698AA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{B8A9379C-603A-4CF7-A65C-6BE08612D406}" = lport=139 | protocol=6 | dir=in | app=system |
"{CE9356F0-0AA5-479C-ABC6-49657F8BA155}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D02B37A3-1E97-4AFA-B834-BB374C5C3EF8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D39C072B-CE97-4370-90B7-B1860C73217E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E40328FD-52E0-4646-AE11-38F7ABA6B972}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EFBF5526-5F5C-4DCC-9C27-1FBD8FE396E4}" = rport=139 | protocol=6 | dir=out | app=system |
"{FD28C0F5-014E-4B68-99D8-0A7181F4294F}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03587898-A228-4AE9-A5CF-3A86DA6B3A16}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{0B890DA9-877F-498C-9033-4CE87D1E0EE1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{123147DD-C72D-4F80-B06A-0697A3171619}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{188E0642-3623-4C1B-8AE5-C3D0F91CCDB6}" = protocol=17 | dir=in | app=c:\program files (x86)\qws3270 secure\lpd.exe |
"{1FC5D0F7-DA8B-4F33-BFAF-72350FFC2EE9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{473CF038-EF5F-4B9F-ADF2-187CB921215A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4808CE77-3FBF-47B1-A7C5-1D96EE81DF67}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{495AE490-A1B5-4F67-9D08-042DF39D6BCA}" = protocol=17 | dir=in | app=c:\program files (x86)\qws3270 secure\autoupdt.exe |
"{4AEEDE76-69BD-4EEB-B971-1D27CC907621}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{50123EE2-8189-4220-A045-41F08F0E9EBA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{587DFBD3-2E6B-4B4F-833F-29E778E030A9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{609E1B03-2C23-487F-88F0-B04F20014C6B}" = protocol=6 | dir=in | app=c:\program files (x86)\qws3270 secure\lpd.exe |
"{66688469-338D-4E58-A911-2D89B4A68BC0}" = protocol=17 | dir=in | app=c:\program files (x86)\qws3270 secure\qws3287p.exe |
"{669DB28C-9275-4AA0-91CD-29537A6BBA53}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6E286382-56CB-44B9-B42B-5E956623302D}" = protocol=6 | dir=in | app=c:\program files (x86)\qws3270 secure\qws3270s.exe |
"{72DEA563-B53F-45F0-937B-A7CF811BCE92}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7F62F904-8CAA-4B1D-A717-B1F84C0F19CB}" = protocol=6 | dir=in | app=c:\program files (x86)\qws3270 secure\qws3287p.exe |
"{80BB5D52-02EF-4295-BF06-77A8FA308EBA}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{80F9B3BD-991E-4E81-8AF6-5D863B7F39A2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{84D37289-82B9-4600-83AF-221E6E191A78}" = protocol=6 | dir=in | app=c:\program files (x86)\qws3270 secure\autoupdt.exe |
"{885F24BF-A688-4555-A310-4A8FBB7A8F9D}" = protocol=6 | dir=out | app=system |
"{8B03BD10-AB54-4A09-A54E-768E45A8F91E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8CC1AB3A-179C-4EAE-ACAB-C55FF67246AB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{8DDD2E68-C9CB-42C2-906E-120B459A4EF1}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{8E5F5DA0-7936-4099-8777-B271A22C2133}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{917E64A6-E19E-495A-A2DB-C6F2CA3E1A20}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{94512CD5-5F2F-4348-BE2B-9A31210B4C40}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9AC410ED-C7B8-4670-B4F9-2A416FB356B4}" = protocol=17 | dir=in | app=c:\program files (x86)\qws3270 secure\qws3270s.exe |
"{9F40AC2E-48FE-4BB1-B232-F59B4E912A3D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A9F3B69A-327D-4883-8350-592EBE3EF22B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office communicator\communicator.exe |
"{B22DFBEC-4722-49A4-84DE-4C3B65008CEA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{B53BE703-2804-426B-850B-27E954854C33}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B85A6440-92A6-4D0D-AF96-10EC0305F561}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{BA1B2E4B-075D-4AB3-9F0F-45A95146EA68}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BC4271A4-1DA6-4FB0-BD04-3C03C8C6EE3E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BC6395B8-52F2-4C5D-86F3-E69849C9A24A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BC8BA24D-0BBD-4806-B5E0-5B5D1722BE89}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office communicator\communicator.exe |
"{C0704AAF-2706-4F7D-89D8-6A806812191B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C1ABFA78-BB50-475A-A6EC-C886B431DCCF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DECFA351-3897-4191-BD5C-F9058456BA77}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{F209D07C-5C4E-448D-8C32-505EDE4602A3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F69911C0-A0A5-4DC6-AC03-F31825D70E6F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{4C1C2845-248D-42EF-8D3E-BF41A010D8D3}C:\program files\sas\sasfoundation\9.2\sas.exe" = protocol=6 | dir=in | app=c:\program files\sas\sasfoundation\9.2\sas.exe |
"UDP Query User{4BDAA0CB-8E2D-4F5C-8B93-28DAA35BF3DF}C:\program files\sas\sasfoundation\9.2\sas.exe" = protocol=17 | dir=in | app=c:\program files\sas\sasfoundation\9.2\sas.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D25F7CC-B99C-44ee-9945-B14532B2BB7B}" = Canon MP830
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{59B814A0-FC1B-4B2B-92D8-2F297A154C98}" = Cloudmark DesktopOne
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64973F6A-8754-43D1-BDD0-FC6F0546347B}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0017-0000-1000-0000000FF1CE}" = Microsoft Office SharePoint Designer 2010
"{90140000-0017-0000-1000-0000000FF1CE}_Office14.SharePointDesigner_{F700B2E6-D75C-4221-8F46-18DFAF776D5D}" = Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
"{90140000-0017-0409-1000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (English) 2010
"{90140000-0017-0409-1000-0000000FF1CE}_Office14.SharePointDesigner_{DE2352CC-BE07-4583-B0CC-65AD9C097B59}" = Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PRJPRO_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.SharePointDesigner_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.VISIO_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PRJPRO_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.SharePointDesigner_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.VISIO_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PRJPRO_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.SharePointDesigner_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.VISIO_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.PRJPRO_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUS_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.SharePointDesigner_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.VISIO_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003B-0000-1000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{90140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPRO_{E6F88893-86F0-4CFB-B7E0-733575D1DEB4}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PRJPRO_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.SharePointDesigner_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.VISIO_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.PRJPRO_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUS_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.SharePointDesigner_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.VISIO_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0409-1000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
"{90140000-0054-0409-1000-0000000FF1CE}_Office14.VISIO_{7DC2B20B-31B9-4C7C-B8DC-8492A9A3095E}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0057-0000-1000-0000000FF1CE}" = Microsoft Office Visio 2010
"{90140000-0057-0000-1000-0000000FF1CE}_Office14.VISIO_{9081486B-B26D-42DB-8D31-81C525A9526A}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.PRJPRO_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.SharePointDesigner_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.VISIO_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0409-1000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010
"{90140000-00B4-0409-1000-0000000FF1CE}_Office14.PRJPRO_{316A864B-0547-40CE-B136-B02B4D18BF09}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.PRJPRO_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.SharePointDesigner_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.VISIO_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Office14.PRJPRO" = Microsoft Project Professional 2010
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Office14.SharePointDesigner" = Microsoft SharePoint Designer 2010
"Office14.VISIO" = Microsoft Visio Premium 2010
"PROSet" = Intel® Network Connections Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216024F0}" = Java™ 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12
"{3FD2225B-31D1-4E22-9D76-82F966F04374}" = H&R Block Arizona 2011
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{6395D480-9F3B-4930-8204-B91C8882F967}" = Stata 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A8D5B39E-815D-44BC-AC52-657FE3D2E21D}" = SUNIX Multi-IO Controller
"{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-1033-0000-7760-000000000004}_951" = Adobe Acrobat 9.5.1 - CPSID_83708
"{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{bcd538f9-31bf-4730-920a-066a6f7fb10d}" = SAS 9.3
"{C6006AED-E5A7-4F77-BAD5-95AC43DE04F3}" = H&R Block Deluxe + Efile + State 2011
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C82D7FBA-316A-4A2B-87AE-EC2B0E9587AC}" = SDC Platinum V4.0.3.1
"{D34D89A7-F2AE-4004-B861-E7E7039F6FD0}" = QWS3270 Secure
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"7-Zip" = 7-Zip 9.22beta
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"GoToAssist" = GoToAssist Corporate
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator 2.2" = Canon MP Navigator 2.2
"Pdf995" = Pdf995 (installed by H&R Block)
"PdfEdit995" = PdfEdit995 (installed by H&R Block)
"RealPlayer 15.0" = RealPlayer
"Stat/Transfer" = Stat/Transfer Nine
"Web Update Wizard (Redistributable)" = Web Update Wizard (Redistributable) 4.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"251357396036B5D2E543F5524DD05C1229AF92FE" = Cloudmark DesktopOne Outlook 2010 Add-in
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/24/2012 1:37:56 PM | Computer Name = mh315j-kahlehom | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 6/24/2012 1:37:56 PM | Computer Name = mh315j-kahlehom | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 6/24/2012 5:23:10 PM | Computer Name = mh315j-kahlehom | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 6/24/2012 10:20:37 PM | Computer Name = mh315j-kahlehom | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/24/2012 10:20:37 PM | Computer Name = mh315j-kahlehom | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4005653

Error - 6/24/2012 10:20:37 PM | Computer Name = mh315j-kahlehom | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4005653

[ System Events ]
Error - 6/24/2012 1:26:47 PM | Computer Name = mh315j-kahlehom | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 6/24/2012 1:26:47 PM | Computer Name = mh315j-kahlehom | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 6/24/2012 1:26:47 PM | Computer Name = mh315j-kahlehom | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 6/24/2012 1:43:09 PM | Computer Name = mh315j-kahlehom | Source = Service Control Manager | ID = 7034
Description = The Skype C2C Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 6/24/2012 1:46:07 PM | Computer Name = mh315j-kahlehom | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 6/24/2012 1:47:33 PM | Computer Name = mh315j-kahlehom | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 6/24/2012 1:49:59 PM | Computer Name = mh315j-kahlehom | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 6/24/2012 7:02:43 PM | Computer Name = mh315j-kahlehom | Source = DCOM | ID = 10010
Description =

Error - 6/24/2012 7:02:46 PM | Computer Name = mh315j-kahlehom | Source = DCOM | ID = 10010
Description =

Error - 6/24/2012 8:01:14 PM | Computer Name = mh315j-kahlehom | Source = Service Control Manager | ID = 7034
Description = The Skype C2C Service service terminated unexpectedly. It has done
this 1 time(s).


< End of report >

#13 KathyAZ

  • Topic Starter

Posted 25 June 2012 - 03:19 PM

Will reformatting my hard drive and starting over eliminate the malware?

#14 fireman4it

  • Malware Response Team

Posted 25 June 2012 - 03:25 PM

Hello,

We are going to have to do some work here so follow along. If you have any questions please ask them before proceeding.

1.
We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :otl
    O4:64bit: - HKLM..\Run: [SASSystemPrep] D:\setup.exe -lang en -order 99CKR7 File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.home] https in Local intranet)
    O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.home.apac] https in Local intranet)
    O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.home.emea] https in Local intranet)
    O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.home.noam] https in Local intranet)
    O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.sharepoint] https in Local intranet)
    O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.sharepoint.apac] https in Local intranet)
    O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.sharepoint.emea] https in Local intranet)
    O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.sharepoint.noam] https in Local intranet)
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18 - Protocol\Handler\ms-help - No CLSID value found
    [2012/06/23 14:15:44 | 000,000,000 | ---D | M] -- C:\Users\Kathleen\AppData\Roaming\DriverCure
    [2012/06/23 14:44:20 | 000,000,000 | ---D | M] -- C:\Users\Kathleen\AppData\Roaming\Panda Security
    
    :Commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYJAVA] 
    [DRIVES] 
    [CREATERESTOREPOINT]
    
    
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.

2.
We need to uninstall and then reinstall Firefox. If it asks you if you want to delete any application data or user profile information, please click yes or ok.

Mozilla Firefox Download page


3.
Please go to http://support.microsoft.com/kb/923737 and scroll down to the Posted Image and click it. This will reset Internet Explorer and fix any bad entries.




Things to include in your next reply:
OTL fix log
Still redirecting?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#15 KathyAZ

  • Topic Starter

Posted 25 June 2012 - 04:03 PM

OK, I did all that and it doesn't seem to be redirecting now. I removed the personalizations in both Mozilla and IE, but can I import my favorites back into them now?


Here's the latest OTL log:

All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SASSystemPrep deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoftonline.com\*.home\ deleted successfully.
Invalid CLSID key: *.home
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoftonline.com\*.home.apac\ deleted successfully.
Invalid CLSID key: *.home.apac
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoftonline.com\*.home.emea\ deleted successfully.
Invalid CLSID key: *.home.emea
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoftonline.com\*.home.noam\ deleted successfully.
Invalid CLSID key: *.home.noam
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoftonline.com\*.sharepoint\ deleted successfully.
Invalid CLSID key: *.sharepoint
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoftonline.com\*.sharepoint.apac\ deleted successfully.
Invalid CLSID key: *.sharepoint.apac
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoftonline.com\*.sharepoint.emea\ deleted successfully.
Invalid CLSID key: *.sharepoint.emea
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoftonline.com\*.sharepoint.noam\ deleted successfully.
Invalid CLSID key: *.sharepoint.noam
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
C:\Users\Kathleen\AppData\Roaming\DriverCure folder moved successfully.
C:\Users\Kathleen\AppData\Roaming\Panda Security\Panda Cloud Antivirus folder moved successfully.
C:\Users\Kathleen\AppData\Roaming\Panda Security folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kathleen
->Temp folder emptied: 60330397 bytes
->Temporary Internet Files folder emptied: 172443734 bytes
->Java cache emptied: 542727 bytes
->FireFox cache emptied: 142914189 bytes
->Google Chrome cache emptied: 6808768 bytes
->Flash cache emptied: 14268368 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1601760 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 380.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Kathleen
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

Error: Unable to interpret <[DRIVES] > in the current context!
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.0 log created on 06252012_133358

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



