# IncrediBar virus on my laptop-Please help!!!!



## ajpnsld (Apr 11, 2012)

Hi,

I saw a post earlier about IncrediBar (http://forums.techguy.org/virus-other-malware-removal/1035880-incredibar.html) and how you sent a script with Combofix to fix that issue. I have the same problem of IncrediBar appearing in Chrome. I installed Combofix, and the following is the log that I got after it ran.

I'm unable to open any application on my laptop after running combofix. I'm getting the following error message:
"Illegal operation attempted on a registry key that has been marked for deletion"

Please take a look at it and your help is very much appreciated.

**********************************************************************************

ComboFix 12-04-05.09 - pamarj1 04/05/2012 20:36:43.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.649 [GMT -5:00]
Running from: c:\users\pamarj1\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SPL5393.tmp
c:\users\pamarj1\AppData\Local\Temp\bad4021e-8b96-4726-a482-7caebf5bc001\CliSecureRT.dll
c:\users\Public\~WRL0001.tmp
c:\windows\system32\muzapp.exe
c:\windows\system32\Nagasoft
c:\windows\system32\Nagasoft\Codecs\asyncflt.ax
c:\windows\system32\Nagasoft\Codecs\atrc.dll
c:\windows\system32\Nagasoft\Codecs\cook.dll
c:\windows\system32\Nagasoft\Codecs\drvc.dll
c:\windows\system32\Nagasoft\Codecs\raac.dll
c:\windows\system32\Nagasoft\Codecs\RealMediaSplitter.ax
c:\windows\system32\Nagasoft\Codecs\WMFDemux.dll
c:\windows\system32\Nagasoft\GifShower.dll
c:\windows\system32\Nagasoft\vjocx.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
-------\Service_vvdsvc
-------\Service_vvdsvc
.
.
((((((((((((((((((((((((( Files Created from 2012-03-06 to 2012-04-06 )))))))))))))))))))))))))))))))
.
.
2012-04-06 01:55 . 2012-04-06 01:55	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-04-06 01:55 . 2012-04-06 01:55	--------	d-----w-	c:\users\257\AppData\Local\temp
2012-04-06 01:55 . 2012-04-06 02:07	--------	d-----w-	c:\users\pamarj1\AppData\Local\temp
2012-04-06 01:55 . 2012-04-06 01:55	--------	d-----w-	c:\users\Guest\AppData\Local\temp
2012-04-06 00:59 . 2012-03-14 02:15	6582328	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{73B29E38-876C-480A-855C-147CECF7033F}\mpengine.dll
2012-04-01 19:05 . 2012-04-01 19:05	--------	d-----w-	c:\programdata\Premium
2012-04-01 19:01 . 2012-04-01 19:01	--------	d-----w-	c:\users\pamarj1\AppData\Local\Premiumplay Codec-C
2012-04-01 19:01 . 2012-04-01 19:01	--------	d-----w-	c:\program files\Premiumplay Codec-C
2012-04-01 19:00 . 2012-04-01 19:00	--------	d-----w-	C:\codec-info
2012-04-01 18:34 . 2012-04-01 18:34	448	----a-w-	C:\user.js
2012-04-01 18:31 . 2012-04-01 19:05	--------	d-----w-	c:\programdata\InstallMate
2012-03-20 00:32 . 2012-03-20 00:32	--------	d-----w-	c:\programdata\InstallShield
2012-03-20 00:27 . 2012-03-20 00:27	--------	d-----w-	c:\program files\CA Design
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-01 18:45 . 2012-04-01 18:45	418464	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-04-01 18:45 . 2011-06-30 22:49	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-14 02:15 . 2011-04-02 01:29	6582328	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-24 01:53 . 2012-02-24 02:00	713784	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5D32082A-F433-45EC-9E2D-1A4F880398CE}\gapaengine.dll
2012-01-31 12:44 . 2009-10-02 17:16	237072	------w-	c:\windows\system32\MpSigStub.exe
2007-02-08 16:48 . 2007-02-08 16:48	133920	----a-w-	c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2009-06-24 01:41 . 2009-06-24 01:41	158720	----a-w-	c:\program files\internet explorer\plugins\LV90ActiveXControl.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
"Plex Media Server"="c:\program files\Plex\Plex Media Server\Plex Media Server.exe" [2011-07-27 2495056]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-22 39408]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-12-28 937360]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-12-28 21392]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-14 221184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 4390912]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe" [2010-07-06 240480]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-12-28 3508624]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-05 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-05 150552]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-14 81920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
.
c:\users\pamarj1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06	976832	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04	35760	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Sync Loader]
2011-05-11 19:14	638976	----a-w-	c:\program files\ASUS\ASUS Sync\asusUPCTLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSWebStorage]
2011-06-08 07:09	737104	----a-w-	c:\program files\ASUS\ASUS WebStorage\3.0.102.211\AsusWSPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-11-13 14:14	323392	----a-w-	c:\users\pamarj1\Program Files\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2007-01-10 11:59	115816	----a-w-	c:\program files\Common Files\Symantec Shared\ccApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2010-01-19 23:55	50520	----a-w-	c:\users\pamarj1\AppData\Roaming\mjusbsp\cdloader2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CognizanceTS]
2003-12-22 18:12	17920	----a-r-	c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57	369200	----a-w-	c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2011-11-06 04:55	137536	----atw-	c:\users\pamarj1\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
2007-12-17 17:12	243240	----a-w-	c:\program files\Windows Live\Family Safety\fssui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-11-02 13:57	135664	----atw-	c:\users\pamarj1\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22	3739648	----a-w-	c:\users\pamarj1\AppData\Roaming\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-27 00:36	30040	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-03-05 17:06	173592	----a-w-	c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-10-09 12:58	75008	----a-w-	c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-06-05 00:03	186904	----a-w-	c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-03-05 17:06	141848	----a-w-	c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-09-10 22:40	289576	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdkamon]
2007-06-01 13:06	20480	----a-w-	c:\program files\Lexmark 5300 Series\lxdkamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdkmon.exe]
2007-06-22 08:17	455344	----a-w-	c:\program files\Lexmark 5300 Series\lxdkmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2008-11-06 03:59	4347120	----a-w-	c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-10-18 17:34	5724184	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-03-05 17:06	150552	----a-w-	c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2007-02-13 18:38	159744	----a-w-	c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-04-24 01:11	176128	----a-w-	c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 20:09	413696	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBC_McciTrayApp]
2007-02-28 19:35	1011200	----a-w-	c:\program files\SBC\update\SST.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-19 07:33	1233920	----a-w-	c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2007-01-17 04:34	634880	----a-w-	c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-09-18 19:27	149280	----a-w-	c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-22 03:14	39408	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2010-07-06 14:01	2634048	----a-w-	c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-04-10 17:29	37888	----a-w-	c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2008-11-06 03:59	4347120	----a-w-	c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 253600]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance	REG_MULTI_SZ ASBroker ASChannel
vvdsvc	REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 18:45]
.
2007-12-07 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 17:20]
.
2012-03-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000Core.job
- c:\users\pamarj1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-06 04:55]
.
2012-04-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000UA.job
- c:\users\pamarj1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-06 04:55]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-02 18:52]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-02 18:52]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000Core.job
- c:\users\pamarj1\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-23 13:57]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000UA.job
- c:\users\pamarj1\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-23 13:57]
.
2010-05-20 c:\windows\Tasks\Install.job
- c:\windows\System32\Adobe\Shockwave 11\nssstub.exe [2010-04-26 20:47]
.
2012-04-06 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - pamarj1.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-14 15:09]
.
2012-04-06 c:\windows\Tasks\User_Feed_Synchronization-{34847377-100D-4463-974F-5B7367A54440}.job
- c:\windows\system32\msfeedssync.exe [2011-06-15 04:32]
.
2012-04-06 c:\windows\Tasks\User_Feed_Synchronization-{F0F613CC-5E98-44FA-A517-ADA9B4C45F95}.job
- c:\windows\system32\msfeedssync.exe [2011-06-15 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredibar.com/mb119?a=6R8oCjuYer&i=26
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DMDTDF&PC=VEOH&q=
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb119?a=6R8oCjuYer&i=26
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb119/?loc=IB_DS&a=6R8oCjuYer&&i=26&search=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Premiumplay Codec-C: [email protected] - %profile%\extensions\[email protected]
FF - Ext: incredibar.com: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Veoh Web Player Video Finder: [email protected] - c:\program files\Veoh Networks\VeohWebPlayer\FFVideoFinder
FF - Ext: Move Media Player: [email protected] - c:\users\pamarj1\AppData\Roaming\Move Networks
FF - Ext: XULRunner: {7AF6830F-D3D8-4973-BA4D-74783BE69F62} - c:\users\pamarj1\AppData\Local\{7AF6830F-D3D8-4973-BA4D-74783BE69F62}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Splashtop Remote: [email protected] - c:\program files\Splashtop\Splashtop Remote\Server\plugin\FFExtensions
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8oCjuYer&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 2ac6db57000000000000001b77cdb69d
FF - user.js: extensions.incredibar_i.instlDay - 15431
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1413:34
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef - 
FF - user.js: extensions.incredibar_i.dfltLng - 
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id - 
FF - user.js: extensions.incredibar_i.upn2 - 6R8oCjuYer
FF - user.js: extensions.incredibar_i.upn2n - 92824116097263855
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10606
FF - user.js: extensions.incredibar_i.ppd - 5
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Aqevawirozilizo - c:\users\pamarj1\AppData\Local\uhipuhid.dll
MSConfigStartUp-duosmart700mod0en - c:\users\pamarj1\AppData\Roaming\36F860A254720FDB0B7773C83A3C5541\duosmart700mod0en.exe
MSConfigStartUp-Etisapuqazefi - c:\users\pamarj1\AppData\Local\dkrbne.dll
MSConfigStartUp-LvmbfeefngNa - c:\users\pamarj1\AppData\Local\Temp\b2zr0h9ckl.exe
MSConfigStartUp-Lvmbfeefnvjb - c:\users\pamarj1\AppData\Local\Temp\zufjztp1b.exe
MSConfigStartUp-uPc+noqPiejlayZCxl - c:\users\pamarj1\AppData\Local\Temp\g3szqjth.dll
MSConfigStartUp-uPc+noqPiejlcOJsiv - c:\users\pamarj1\AppData\Local\Temp\j1zr4.dll
MSConfigStartUp-Veoh - c:\program files\Veoh Networks\Veoh\VeohClient.exe
MSConfigStartUp-wxsaonrcme - c:\users\pamarj1\AppData\Local\Temp\wxsaonrcme.exe
AddRemove-{0BFC200F-C45D-4271-AF34-4CA969225DEB} - c:\program files\InstallShield Installation Information\{0BFC200F-C45D-4271-AF34-4CA969225DEB}\setup.exe
AddRemove-{34D2AB40-150D-475D-AE32-BD23FB5EE355} - c:\program files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe
AddRemove-{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF} - c:\program files\InstallShield Installation Information\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}\setup.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1516)
c:\windows\system32\APSHook.dll
c:\program files\Bioscrypt\VeriSoft\Bin\ItClient.dll
c:\progra~1\ASUS\ASUSWE~1\30102~1.211\ASUSWS~1.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Windows Live\Family Safety\fsssvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\lxdkcoms.exe
c:\program files\National Instruments\MAX\nimxs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Splashtop\Splashtop Remote\Server\SRService.exe
c:\program files\Splashtop\Splashtop Software Updater\SSUService.exe
c:\program files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
c:\program files\Splashtop\Splashtop Remote\Server\SRServer.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\WerCon.exe
c:\windows\system32\RacAgent.exe
.
**************************************************************************
.
Completion time: 2012-04-05 21:18:46 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-06 02:17
.
Pre-Run: 5,080,702,976 bytes free
Post-Run: 9,459,458,048 bytes free
.
- - End Of File - - DE259CB81EA17016BF831F2F5A651BCA


----------



## ajpnsld (Apr 11, 2012)

I wanted to add more information about the IncrediBar virus on my laptop.

I have Microsoft Security Essentials antivirus on my computer. I don't know how the IncrediBar virus got into my laptop. Whenever I type any random words in Google Chrome, I get the Incredibar search engine. I ran Combofix after looking at your other forums about the IncrediBar virus.

I am unable to see complete "System information" of my laptop as it is not opening after running Combofix. Following is some information about my laptop:
HP DV6000 laptop bought in 2007
OS: Windows Vista 32-bit
RAM: 2GB
Memory: 120 GB
Intel Core Duo 1.5 GHz

I hope this information is helpful.


----------



## ajpnsld (Apr 11, 2012)

Hi

Do you guys need any other information from my side?

thanks


----------



## ajpnsld (Apr 11, 2012)

Hi,

I have this MyStart Incredibar virus on my laptop. I don't know how it got into my computer as I never had this problem before. Whenever I open any browser (FF/Chrome) the home page is the Incredibar page. I can see that on the toolbar of my browser as well. I scanned my computer with Malwarebytes and Combofix, but the virus could not be deleted. I have Microsoft Security Essentials antivirus on my laptop.

I tried to fix the virus myself by going through forums and other internet sources, but I could not fix it. I came across your forum that had people with the same problem. I followed the steps given in the forum where I need to download HijackThis.

Following is my system information:
OS: MS Windows Vista
Version: 6.0.6001 Service Pack 1 Build 6001
System Manufacturer:	Hewlett-Packard
System Model:	HP Pavilion dv6500 Notebook PC
System Type:	X86-based PC
Processor:	Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz, 1500 Mhz, 2 Core(s), 2 Logical Processor(s)
Windows Directory:	C:\Windows
System Directory:	C:\Windows\system32
Locale:	United States
Installed Physical Memory (RAM):	2.00 GB
Total Physical Memory:	1.99 GB
Available Physical Memory:	72.6 MB
Total Virtual Memory:	4.22 GB
Available Virtual Memory:	2.44 GB

Following are the logs.
HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:52:27 PM, on 4/12/2012
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19088)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\unsecapp.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\pamarj1\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb119?a=6R8oCjuYer&i=26
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Desktop Software] "C:\Program Files\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
O4 - HKCU\..\Run: [Plex Media Server] "C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.ooxtv.com/livetv.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} (Photo Upload Plugin Class) - http://www.cvsphoto.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\Windows\System32\APSHook.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\system32\lkcitdl.exe
O23 - Service: lxdkCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdkserv.exe
O23 - Service: lxdk_device - - C:\Windows\system32\lxdkcoms.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Splashtop® Remote Service (SplashtopRemoteService) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
O23 - Service: Splashtop Software Updater Service (SSUService) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 14170 bytes

DDS.txt log

.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_15
Run by pamarj1 at 20:53:43 on 2012-04-12
Microsoft® Windows Vista Home Premium 6.0.6001.1.1252.1.1033.18.2038.656 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k Cognizance
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxdkcoms.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe
C:\Windows\system32\Dwm.exe
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\pamarj1\Desktop\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mystart.incredibar.com/mb119?a=6R8oCjuYer&i=26
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.5\NppBho.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: Windows Live OneCare Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: VeriSoft Access Manager: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\bioscrypt\verisoft\bin\ItIEAddIn.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.5\UIBHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
uRun: [Plex Media Server] "c:\program files\plex\plex media server\Plex Media Server.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s
uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0417.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} - hxxp://www.ooxtv.com/livetv.ocx
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{00F5FC4A-1ADF-4AC4-8EB4-B213ADBF5159} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{AAECF98D-936B-4CB8-9F10-9B1C41375907} : DhcpNameServer = 68.87.72.134 68.87.77.134
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\APSHook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\pamarj1\appdata\roaming\mozilla\firefox\profiles\hr7z8ah5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DMDTDF&PC=VEOH&q=
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb119?a=6R8oCjuYer&i=26
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb119/?loc=IB_DS&a=6R8oCjuYer&&i=26&search=
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPLV82Win32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nplv90win32.dll
FF - plugin: c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\users\pamarj1\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\pamarj1\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\users\pamarj1\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\pamarj1\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\pamarj1\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\pamarj1\program files\dna\plugins\npbtdna.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Premiumplay Codec-C: [email protected] - %profile%\extensions\[email protected]
FF - Ext: incredibar.com: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Veoh Web Player Video Finder: [email protected] - c:\program files\veoh networks\veohwebplayer\FFVideoFinder
FF - Ext: Move Media Player: [email protected] - c:\users\pamarj1\appdata\roaming\Move Networks
FF - Ext: XULRunner: {7AF6830F-D3D8-4973-BA4D-74783BE69F62} - c:\users\pamarj1\appdata\local\{7AF6830F-D3D8-4973-BA4D-74783BE69F62}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Splashtop Remote: [email protected] - c:\program files\splashtop\splashtop remote\server\plugin\FFExtensions
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8oCjuYer&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 2ac6db57000000000000001b77cdb69d
FF - user.js: extensions.incredibar_i.instlDay - 15431
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1413:34:24
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef - 
FF - user.js: extensions.incredibar_i.dfltLng - 
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id - 
FF - user.js: extensions.incredibar_i.upn2 - 6R8oCjuYer
FF - user.js: extensions.incredibar_i.upn2n - 92824116097263855
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10606
FF - user.js: extensions.incredibar_i.ppd - 5
.
============= SERVICES / DRIVERS ===============
.
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20071122.002\IDSvix86.sys [2007-11-26 180272]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2008-6-9 21504]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2008-6-9 21504]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2007-12-7 43816]
R2 fsssvc;Windows Live OneCare Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2007-12-17 523816]
R2 lxdk_device;lxdk_device;c:\windows\system32\lxdkcoms.exe -service --> c:\windows\system32\lxdkcoms.exe -service [?]
R2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\splashtop\splashtop remote\server\SRService.exe [2011-3-30 406856]
R2 SSUService;Splashtop Software Updater Service;c:\program files\splashtop\splashtop software updater\SSUService.exe [2011-3-7 341832]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-12-10 102448]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2008-2-16 1251720]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2007-1-9 38200]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-2 133104]
S2 lxdkCATSCustConnectService;lxdkCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdkserv.exe [2007-6-14 99248]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-1 253600]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-2-7 80184]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-9-2 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-2-7 181432]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S4 ANSYS FLEXlm license manager;ANSYS FLEXlm license manager;c:\progra~1\ansysi~1\shared~1\licens~1\intel\lmgrd.exe [2010-1-12 1294336]
.
=============== Created Last 30 ================
.
2012-04-13 01:36:47	6582328	----a-w-	c:\programdata\microsoft\microsoft antimalware\definition updates\{0a231336-062a-46ba-b5dc-da16678f42f7}\mpengine.dll
2012-04-06 02:18:50	--------	d-----w-	c:\users\pamarj1\appdata\local\temp
2012-04-06 02:07:06	--------	d-sh--w-	C:\$RECYCLE.BIN
2012-04-06 01:32:09	208896	----a-w-	c:\windows\MBR.exe
2012-04-06 01:32:08	98816	----a-w-	c:\windows\sed.exe
2012-04-06 01:32:08	518144	----a-w-	c:\windows\SWREG.exe
2012-04-06 01:32:08	256000	----a-w-	c:\windows\PEV.exe
2012-04-06 01:31:54	--------	d-----w-	C:\ComboFix
2012-04-01 19:05:36	--------	d-----w-	c:\programdata\Premium
2012-04-01 19:01:22	--------	d-----w-	c:\users\pamarj1\appdata\local\Premiumplay Codec-C
2012-04-01 19:01:12	--------	d-----w-	c:\program files\Premiumplay Codec-C
2012-04-01 19:00:54	--------	d-----w-	C:\codec-info
2012-04-01 18:45:47	418464	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-04-01 18:31:47	--------	d-----w-	c:\programdata\InstallMate
2012-03-20 00:27:39	--------	d-----w-	c:\program files\CA Design
.
==================== Find3M ====================
.
2012-04-01 18:45:47	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-31 12:44:05	237072	------w-	c:\windows\system32\MpSigStub.exe
.
============= FINISH: 20:56:00.92 ===============

ark.txt LOG:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-13 07:01:24
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD12 rev.04.0
Running: 2fpcgnjl.exe; Driver: C:\Users\pamarj1\AppData\Local\Temp\kgdiyfow.sys

---- System - GMER 1.0.15 ----

SSDT 879BC180 ZwConnectPort

INT 0x52 ? 85AB4BF8
INT 0x72 ? 85AB4BF8
INT 0x72 ? 85AB4BF8
INT 0x82 ? 84E17BF8
INT 0x92 ? 84E13BF8
INT 0xA2 ? 84E13BF8
INT 0xB2 ? 85AB4BF8
INT 0xB3 ? 85AB4BF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 3F4 820FCA18 4 Bytes [80, C1, 9B, 87]
? System32\Drivers\spzy.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 8E9E746F 5 Bytes JMP 85AB41D8 
.text abde7wjq.SYS  8D378000 22 Bytes [26, 82, 01, 82, 10, 81, 01, ...]
.text abde7wjq.SYS 8D378017 130 Bytes [00, 32, D7, 78, 82, 3D, D5, ...]
.text abde7wjq.SYS 8D37809A 14 Bytes [09, 82, BC, 83, 09, 82, E0, ...] {OR [EDX-0x7df67c44], EAX; LOOPNZ 0xffffffffffffff9e; JB 0xffffffff82099432}
.text abde7wjq.SYS 8D3780A9 35 Bytes [70, 09, 82, 60, 67, 09, 82, ...]
.text abde7wjq.SYS 8D3780CE 10 Bytes [00, 00, 00, 00, 00, 00, C9, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; LEAVE ; HLT ; POP ESP; DEC EDX}
.text ... 
? C:\Users\pamarj1\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2656] ntdll.dll!DbgUiRemoteBreakin 770ED50C 1 Byte [C3]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84E191F8
Device \FileSystem\fastfat \FatCdrom 8799C500

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 84E151F8
Device \Driver\sptd \Device\364222803 spzy.sys
Device \Driver\usbuhci \Device\USBPDO-0 85CA6500
Device \Driver\usbuhci \Device\USBPDO-1 85CA6500
Device \Driver\usbehci \Device\USBPDO-2 85C261F8
Device \Driver\usbuhci \Device\USBPDO-3 85CA6500
Device \Driver\usbuhci \Device\USBPDO-4 85CA6500

AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBPDO-5 85CA6500
Device \Driver\usbehci \Device\USBPDO-6 85C261F8
Device \Driver\volmgr \Device\HarddiskVolume1 84E151F8
Device \Driver\netbt \Device\NetBT_Tcpip_{AAECF98D-936B-4CB8-9F10-9B1C41375907} 877FF500
Device \Driver\volmgr \Device\HarddiskVolume2 84E151F8
Device \Driver\cdrom \Device\CdRom0 85C3F500
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84E181F8
Device \Driver\iaStor \Device\Ide\iaStor0 [87CC4360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 84E181F8
Device \Driver\atapi \Device\Ide\IdePort1 84E181F8
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [87CC4360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\cdrom \Device\CdRom1 85C3F500
Device \Driver\PCI_PNP6787 \Device\00000067 spzy.sys
Device \Driver\netbt \Device\NetBt_Wins_Export 877FF500
Device \Driver\Smb \Device\NetbiosSmb 8785C500
Device \Driver\iScsiPrt \Device\RaidPort0 85ABA1F8

AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBFDO-0 85CA6500
Device \Driver\usbuhci \Device\USBFDO-1 85CA6500
Device \Driver\netbt \Device\NetBT_Tcpip_{00F5FC4A-1ADF-4AC4-8EB4-B213ADBF5159} 877FF500
Device \Driver\usbehci \Device\USBFDO-2 85C261F8
Device \Driver\usbuhci \Device\USBFDO-3 85CA6500
Device \Driver\usbuhci \Device\USBFDO-4 85CA6500
Device \Driver\usbuhci \Device\USBFDO-5 85CA6500
Device \Driver\usbehci \Device\USBFDO-6 85C261F8
Device \Driver\abde7wjq \Device\Scsi\abde7wjq1Port4Path0Target0Lun0 85D50500
Device \Driver\abde7wjq \Device\Scsi\abde7wjq1 85D50500
Device \FileSystem\fastfat \Fat 8799C500

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\cdfs \Cdfs C33251F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0xD3 0xD8 0xA6 0xEA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xFC 0xB2 0x3A 0x4F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0x1F 0x7D 0x01 0x2D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0xD3 0xD8 0xA6 0xEA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xFC 0xB2 0x3A 0x4F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0x1F 0x7D 0x01 0x2D ...

---- EOF - GMER 1.0.15 ----


----------



## ajpnsld (Apr 11, 2012)

bump


----------



## flavallee (May 12, 2002)

Why hasn't Windows Vista SP1 been upgraded to SP2?

Have you been installing the important/recommended updates that Microsoft releases on a regular basis?



----------



## ajpnsld (Apr 11, 2012)

I didn't check your message until now.

I have Windows update enabled in my computer. So whenever there are any updates to be installed, it will automatically install and restart my laptop. I assumed it is up to date. I checked my laptop now. It has SP1. Do you want me to install SP2?


----------



## flavallee (May 12, 2002)

If you have Windows Updates set up to automatically download and install updates, I'm at a loss as to why the SP2 upgrade was never installed. 

Wait for a gold/blue shield removal specialist to reply and advise you whether to install the SP2 upgrade now or to wait until after your issue is dealt with.



----------



## ajpnsld (Apr 11, 2012)

bump


----------



## flavallee (May 12, 2002)

I've requested a gold/blue shield member assist you. Be patient awhile longer.

In the meantime, go here to download and save the SP2 upgrade. Don't install it yet.



----------



## Cookiegal (Aug 27, 2003)

Please visit *Combofix Guide & Instructions* for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read *HERE* for an article written by dvk01 on why we disable autoruns.


----------



## ajpnsld (Apr 11, 2012)

Hi,

Below is the Combofix log. I renamed the combofix.exe file to puppy.exe before running it.

==================================================================

ComboFix 12-04-19.02 - pamarj1 04/19/2012 19:28:40.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.388 [GMT -5:00]
Running from: c:\users\pamarj1\Desktop\puppy.exe.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-20 to 2012-04-20 )))))))))))))))))))))))))))))))
.
.
2012-04-20 00:47 . 2012-04-20 00:47	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-04-20 00:47 . 2012-04-20 00:47	--------	d-----w-	c:\users\257\AppData\Local\temp
2012-04-20 00:47 . 2012-04-20 00:47	--------	d-----w-	c:\users\Guest\AppData\Local\temp
2012-04-20 00:26 . 2012-04-13 07:36	6734704	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7A37CA29-4557-4BC2-9740-7EA5DD054918}\mpengine.dll
2012-04-13 01:21 . 2012-04-13 01:21	9310	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-04-13 01:21 . 2012-04-13 01:21	8646	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2012-04-13 01:21 . 2012-04-13 01:21	6429	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2012-04-13 01:21 . 2012-04-13 01:21	63115	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-04-13 01:21 . 2012-04-13 01:21	5927	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2012-04-13 01:21 . 2012-04-13 01:21	4599	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2012-04-13 01:20 . 2012-04-13 01:20	8613	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2012-04-13 01:20 . 2012-04-13 01:20	1651	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2012-04-13 01:20 . 2012-04-13 01:20	6910	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2012-04-13 01:20 . 2012-04-13 01:20	8288	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2012-04-13 01:20 . 2012-04-13 01:20	6208	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2012-04-13 01:20 . 2012-04-13 01:20	18541	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2012-04-13 01:20 . 2012-04-13 01:20	51852	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2012-04-13 01:20 . 2012-04-13 01:20	20719	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2012-04-13 01:20 . 2012-04-13 01:20	8782	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2012-04-13 01:20 . 2012-04-13 01:20	7271	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2012-04-13 01:20 . 2012-04-13 01:20	23327	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2012-04-06 02:18 . 2012-04-20 00:48	--------	d-----w-	c:\users\pamarj1\AppData\Local\temp
2012-04-06 01:31 . 2012-04-20 00:22	--------	d-----w-	C:\ComboFix
2012-04-01 19:05 . 2012-04-01 19:05	--------	d-----w-	c:\programdata\Premium
2012-04-01 19:01 . 2012-04-01 19:01	--------	d-----w-	c:\users\pamarj1\AppData\Local\Premiumplay Codec-C
2012-04-01 19:01 . 2012-04-01 19:01	--------	d-----w-	c:\program files\Premiumplay Codec-C
2012-04-01 19:00 . 2012-04-01 19:00	--------	d-----w-	C:\codec-info
2012-04-01 18:45 . 2012-04-01 18:45	418464	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-04-01 18:34 . 2012-04-01 18:34	448	----a-w-	C:\user.js
2012-04-01 18:31 . 2012-04-01 19:05	--------	d-----w-	c:\programdata\InstallMate
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-01 18:45 . 2011-06-30 22:49	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-14 02:15 . 2011-04-02 01:29	6582328	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-24 01:53 . 2012-02-24 02:00	713784	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5D32082A-F433-45EC-9E2D-1A4F880398CE}\gapaengine.dll
2012-02-07 16:02 . 2012-02-07 16:02	1070352	----a-w-	c:\windows\system32\MSCOMCTL.OCX
2012-01-31 12:44 . 2009-10-02 17:16	237072	------w-	c:\windows\system32\MpSigStub.exe
2007-02-08 16:48 . 2007-02-08 16:48	133920	----a-w-	c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2009-06-24 01:41 . 2009-06-24 01:41	158720	----a-w-	c:\program files\internet explorer\plugins\LV90ActiveXControl.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
"Plex Media Server"="c:\program files\Plex\Plex Media Server\Plex Media Server.exe" [2011-07-27 2495056]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-22 39408]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-12-28 937360]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-12-28 21392]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-14 221184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 4390912]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe" [2010-07-06 240480]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-12-28 3508624]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-05 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-05 150552]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-14 81920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
.
c:\users\pamarj1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06	976832	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04	35760	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Sync Loader]
2011-05-11 19:14	638976	----a-w-	c:\program files\ASUS\ASUS Sync\asusUPCTLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSWebStorage]
2011-06-08 07:09	737104	----a-w-	c:\program files\ASUS\ASUS WebStorage\3.0.102.211\AsusWSPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-11-13 14:14	323392	----a-w-	c:\users\pamarj1\Program Files\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2007-01-10 11:59	115816	----a-w-	c:\program files\Common Files\Symantec Shared\ccApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2010-01-19 23:55	50520	----a-w-	c:\users\pamarj1\AppData\Roaming\mjusbsp\cdloader2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CognizanceTS]
2003-12-22 18:12	17920	----a-r-	c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57	369200	----a-w-	c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2011-11-06 04:55	137536	----atw-	c:\users\pamarj1\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
2007-12-17 17:12	243240	----a-w-	c:\program files\Windows Live\Family Safety\fssui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-11-02 13:57	135664	----atw-	c:\users\pamarj1\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22	3739648	----a-w-	c:\users\pamarj1\AppData\Roaming\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-27 00:36	30040	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-03-05 17:06	173592	----a-w-	c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-10-09 12:58	75008	----a-w-	c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-06-05 00:03	186904	----a-w-	c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-03-05 17:06	141848	----a-w-	c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-09-10 22:40	289576	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdkamon]
2007-06-01 13:06	20480	----a-w-	c:\program files\Lexmark 5300 Series\lxdkamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdkmon.exe]
2007-06-22 08:17	455344	----a-w-	c:\program files\Lexmark 5300 Series\lxdkmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2008-11-06 03:59	4347120	----a-w-	c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-10-18 17:34	5724184	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-03-05 17:06	150552	----a-w-	c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2007-02-13 18:38	159744	----a-w-	c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-04-24 01:11	176128	----a-w-	c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 20:09	413696	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBC_McciTrayApp]
2007-02-28 19:35	1011200	----a-w-	c:\program files\SBC\update\SST.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-19 07:33	1233920	----a-w-	c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2007-01-17 04:34	634880	----a-w-	c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-09-18 19:27	149280	----a-w-	c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-22 03:14	39408	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2010-07-06 14:01	2634048	----a-w-	c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-04-10 17:29	37888	----a-w-	c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2008-11-06 03:59	4347120	----a-w-	c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 253600]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
*NewlyCreated* - KGDIYFOW
*Deregistered* - kgdiyfow
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance	REG_MULTI_SZ ASBroker ASChannel
vvdsvc	REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 18:45]
.
2007-12-07 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 17:20]
.
2012-04-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000Core.job
- c:\users\pamarj1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-06 04:55]
.
2012-04-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000UA.job
- c:\users\pamarj1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-06 04:55]
.
2012-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-02 18:52]
.
2012-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-02 18:52]
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000Core.job
- c:\users\pamarj1\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-23 13:57]
.
2012-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000UA.job
- c:\users\pamarj1\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-23 13:57]
.
2010-05-20 c:\windows\Tasks\Install.job
- c:\windows\System32\Adobe\Shockwave 11\nssstub.exe [2010-04-26 20:47]
.
2012-04-17 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - pamarj1.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-14 15:09]
.
2012-04-20 c:\windows\Tasks\User_Feed_Synchronization-{34847377-100D-4463-974F-5B7367A54440}.job
- c:\windows\system32\msfeedssync.exe [2011-06-15 04:32]
.
2012-04-20 c:\windows\Tasks\User_Feed_Synchronization-{F0F613CC-5E98-44FA-A517-ADA9B4C45F95}.job
- c:\windows\system32\msfeedssync.exe [2011-06-15 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredibar.com/mb119?a=6R8oCjuYer&i=26
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DMDTDF&PC=VEOH&q=
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb119?a=6R8oCjuYer&i=26
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb119/?loc=IB_DS&a=6R8oCjuYer&&i=26&search=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Premiumplay Codec-C: [email protected] - %profile%\extensions\[email protected]
FF - Ext: incredibar.com: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Veoh Web Player Video Finder: [email protected] - c:\program files\Veoh Networks\VeohWebPlayer\FFVideoFinder
FF - Ext: Move Media Player: [email protected] - c:\users\pamarj1\AppData\Roaming\Move Networks
FF - Ext: XULRunner: {7AF6830F-D3D8-4973-BA4D-74783BE69F62} - c:\users\pamarj1\AppData\Local\{7AF6830F-D3D8-4973-BA4D-74783BE69F62}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Splashtop Remote: [email protected] - c:\program files\Splashtop\Splashtop Remote\Server\plugin\FFExtensions
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8oCjuYer&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 2ac6db57000000000000001b77cdb69d
FF - user.js: extensions.incredibar_i.instlDay - 15431
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1413:34
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef - 
FF - user.js: extensions.incredibar_i.dfltLng - 
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id - 
FF - user.js: extensions.incredibar_i.upn2 - 6R8oCjuYer
FF - user.js: extensions.incredibar_i.upn2n - 92824116097263855
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10606
FF - user.js: extensions.incredibar_i.ppd - 5
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-19 19:48
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3516)
c:\windows\system32\APSHook.dll
c:\progra~1\ASUS\ASUSWE~1\30102~1.211\ASUSWS~1.DLL
.
Completion time: 2012-04-19 19:56:46
ComboFix-quarantined-files.txt 2012-04-20 00:56
ComboFix2.txt 2012-04-06 02:18
.
Pre-Run: 7,436,210,176 bytes free
Post-Run: 8,244,023,296 bytes free
.
- - End Of File - - 1F2C7B2AB23A967B7AF322D7F3D6CD5C


----------



## Cookiegal (Aug 27, 2003)

I've merged both of your threads together. Please do not start more than one for the same issue.

Open Notepad and copy and paste the text in the code box below into it:


```
File::
C:\user.js

DDS::
uStart Page = hxxp://mystart.incredibar.com/mb119?a=6R8oCjuYer&i=26

Firefox::
FF - ProfilePath - c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb119?a=6R8oCjuYer&i=26
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb119/?loc=IB_DS&a=6R8oCjuYer&&i=26&search=
FF - Ext: incredibar.com: [email protected] - %profile%\extensions\[email protected]
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8oCjuYer&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 2ac6db57000000000000001b77cdb69d
FF - user.js: extensions.incredibar_i.instlDay - 15431
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1413:34
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef - 
FF - user.js: extensions.incredibar_i.dfltLng - 
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id - 
FF - user.js: extensions.incredibar_i.upn2 - 6R8oCjuYer
FF - user.js: extensions.incredibar_i.upn2n - 92824116097263855
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10606
FF - user.js: extensions.incredibar_i.ppd - 5
```
Save the file to your desktop and name it CFScript.txt.

Referring to the picture below, drag CFScript.txt into ComboFix.exe

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

*Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.*


----------



## Cookiegal (Aug 27, 2003)

I assume you no longer have Norton Internet Security?


----------



## ajpnsld (Apr 11, 2012)

Hi,

I copied your script and saved it as CFScript.txt on my desktop. When I drag the file to "puppy.exe", I get this message: "Illegal operation attempted on a registry key that has been marked for deletion". I get the same error message if I try to open any file (paint, txt, word etc).

I don't have Norton Security enabled but it is not uninstalled. I'm currently using Microsoft Security Essentials.

Thanks!


----------



## Cookiegal (Aug 27, 2003)

You just need to reboot the computer so the actions can complete. Please do so and then post the ComboFix log.


----------



## ajpnsld (Apr 11, 2012)

Hi, the log is posted below.

ComboFix.txt:

ComboFix 12-04-19.02 - pamarj1 04/23/2012 18:11:21.3.2 - x86
Microsoft® Windows Vista Home Premium 6.0.6001.1.1252.1.1033.18.2038.668 [GMT -5:00]
Running from: c:\users\pamarj1\Desktop\puppy.exe.exe
Command switches used :: c:\users\pamarj1\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"C:\user.js"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\puppy.exe
c:\puppy.exe\PEV.exe
c:\puppy.exe\snapshot.00.dat
c:\users\pamarj1\AppData\Local\temp\bad4021e-8b96-4726-a482-7caebf5bc001\CliSecureRT.dll
c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]
c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]\chrome.manifest
c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]\content\imgs\arwDwn.gif
c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]\content\imgs\flgs\ae.png
c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]\content\imgs\flgs\bg.png
c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]\content\imgs\flgs\ch.png
c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]\content\imgs\flgs\cn.png
c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]\content\imgs\flgs\cz.png
c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]\content\imgs\flgs\de.png
c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]\content\imgs\flgs\eg.png
c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]\content\imgs\flgs\en.png
c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]\content\imgs\flgs\es.png
c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]\content\imgs\flgs\fr.png
c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]\content\imgs\flgs\gr.png
c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]\content\imgs\flgs\he.png
c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]\content\imgs\flgs\il.png
c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]\content\imgs\flgs\it.png
c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]\content\imgs\flgs\ja.png
c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]\content\imgs\flgs\jp.png
c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]\content\imgs\flgs\nl.png
c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]\content\imgs\flgs\no.png
c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]\content\imgs\flgs\pl.png
c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]\content\imgs\flgs\pt.png
c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]\content\imgs\flgs\ro.png
c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]\content\imgs\flgs\ru.png
c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]\content\imgs\flgs\sa.png
c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]\content\imgs\flgs\se.png
c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]\content\imgs\flgs\sv.png
c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]\content\imgs\flgs\tr.png
c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]\content\imgs\flgs\ua.png
c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]\content\imgs\flgs\us.png
c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]\content\imgs\help_16.gif
c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]\content\imgs\home.gif
c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]\content\imgs\logo.png
c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]\content\imgs\privecy_16_hot.gif
c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]\content\imgs\specialoffer.gif
c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]\content\imgs\tellafriend.gif
c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]\content\imgs\uninstall.gif
c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]\content\incredibar.css
c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]\content\incredibar.xul
c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]\content\mtstart.js
c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]\content\tmplt.js
c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]\install.rdf
.
.
((((((((((((((((((((((((( Files Created from 2012-03-23 to 2012-04-23 )))))))))))))))))))))))))))))))
.
.
2012-04-23 23:29 . 2012-04-23 23:36	--------	d-----w-	c:\users\pamarj1\AppData\Local\temp
2012-04-23 23:29 . 2012-04-23 23:29	--------	d-----w-	c:\users\Guest\AppData\Local\temp
2012-04-23 23:29 . 2012-04-23 23:29	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-04-23 23:29 . 2012-04-23 23:29	--------	d-----w-	c:\users\257\AppData\Local\temp
2012-04-23 23:10 . 2012-04-13 07:36	6734704	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{12266E0F-C7A9-40D0-8C82-1A3D92C077F6}\mpengine.dll
2012-04-06 01:31 . 2012-04-20 00:22	--------	d-----w-	C:\ComboFix
2012-04-01 19:05 . 2012-04-01 19:05	--------	d-----w-	c:\programdata\Premium
2012-04-01 19:01 . 2012-04-01 19:01	--------	d-----w-	c:\users\pamarj1\AppData\Local\Premiumplay Codec-C
2012-04-01 19:01 . 2012-04-01 19:01	--------	d-----w-	c:\program files\Premiumplay Codec-C
2012-04-01 19:00 . 2012-04-01 19:00	--------	d-----w-	C:\codec-info
2012-04-01 18:45 . 2012-04-01 18:45	418464	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-04-01 18:34 . 2012-04-01 18:34	448	----a-w-	C:\user.js
2012-04-01 18:31 . 2012-04-01 19:05	--------	d-----w-	c:\programdata\InstallMate
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 07:36 . 2011-04-02 01:29	6734704	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-01 18:45 . 2011-06-30 22:49	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-24 01:53 . 2012-02-24 02:00	713784	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5D32082A-F433-45EC-9E2D-1A4F880398CE}\gapaengine.dll
2012-02-07 16:02 . 2012-02-07 16:02	1070352	----a-w-	c:\windows\system32\MSCOMCTL.OCX
2012-01-31 12:44 . 2009-10-02 17:16	237072	------w-	c:\windows\system32\MpSigStub.exe
2007-02-08 16:48 . 2007-02-08 16:48	133920	----a-w-	c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2009-06-24 01:41 . 2009-06-24 01:41	158720	----a-w-	c:\program files\internet explorer\plugins\LV90ActiveXControl.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
"Plex Media Server"="c:\program files\Plex\Plex Media Server\Plex Media Server.exe" [2011-07-27 2495056]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-22 39408]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-12-28 937360]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-12-28 21392]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-14 221184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 4390912]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe" [2010-07-06 240480]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-12-28 3508624]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-05 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-05 150552]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-14 81920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
.
c:\users\pamarj1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06	976832	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04	35760	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Sync Loader]
2011-05-11 19:14	638976	----a-w-	c:\program files\ASUS\ASUS Sync\asusUPCTLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSWebStorage]
2011-06-08 07:09	737104	----a-w-	c:\program files\ASUS\ASUS WebStorage\3.0.102.211\AsusWSPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-11-13 14:14	323392	----a-w-	c:\users\pamarj1\Program Files\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2007-01-10 11:59	115816	----a-w-	c:\program files\Common Files\Symantec Shared\ccApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2010-01-19 23:55	50520	----a-w-	c:\users\pamarj1\AppData\Roaming\mjusbsp\cdloader2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CognizanceTS]
2003-12-22 18:12	17920	----a-r-	c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57	369200	----a-w-	c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2011-11-06 04:55	137536	----atw-	c:\users\pamarj1\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
2007-12-17 17:12	243240	----a-w-	c:\program files\Windows Live\Family Safety\fssui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-11-02 13:57	135664	----atw-	c:\users\pamarj1\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22	3739648	----a-w-	c:\users\pamarj1\AppData\Roaming\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-27 00:36	30040	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-03-05 17:06	173592	----a-w-	c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-10-09 12:58	75008	----a-w-	c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-06-05 00:03	186904	----a-w-	c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-03-05 17:06	141848	----a-w-	c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-09-10 22:40	289576	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdkamon]
2007-06-01 13:06	20480	----a-w-	c:\program files\Lexmark 5300 Series\lxdkamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdkmon.exe]
2007-06-22 08:17	455344	----a-w-	c:\program files\Lexmark 5300 Series\lxdkmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2008-11-06 03:59	4347120	----a-w-	c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-10-18 17:34	5724184	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-03-05 17:06	150552	----a-w-	c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2007-02-13 18:38	159744	----a-w-	c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-04-24 01:11	176128	----a-w-	c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 20:09	413696	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBC_McciTrayApp]
2007-02-28 19:35	1011200	----a-w-	c:\program files\SBC\update\SST.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-19 07:33	1233920	----a-w-	c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2007-01-17 04:34	634880	----a-w-	c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-09-18 19:27	149280	----a-w-	c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-22 03:14	39408	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2010-07-06 14:01	2634048	----a-w-	c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-04-10 17:29	37888	----a-w-	c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2008-11-06 03:59	4347120	----a-w-	c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 253600]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance	REG_MULTI_SZ ASBroker ASChannel
vvdsvc	REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 18:45]
.
2007-12-07 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 17:20]
.
2012-04-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000Core.job
- c:\users\pamarj1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-06 04:55]
.
2012-04-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000UA.job
- c:\users\pamarj1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-06 04:55]
.
2012-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-02 18:52]
.
2012-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-02 18:52]
.
2012-04-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000Core.job
- c:\users\pamarj1\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-23 13:57]
.
2012-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000UA.job
- c:\users\pamarj1\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-23 13:57]
.
2010-05-20 c:\windows\Tasks\Install.job
- c:\windows\System32\Adobe\Shockwave 11\nssstub.exe [2010-04-26 20:47]
.
2012-04-20 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - pamarj1.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-14 15:09]
.
2012-04-23 c:\windows\Tasks\User_Feed_Synchronization-{34847377-100D-4463-974F-5B7367A54440}.job
- c:\windows\system32\msfeedssync.exe [2011-06-15 04:32]
.
2012-04-23 c:\windows\Tasks\User_Feed_Synchronization-{F0F613CC-5E98-44FA-A517-ADA9B4C45F95}.job
- c:\windows\system32\msfeedssync.exe [2011-06-15 04:32]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DMDTDF&PC=VEOH&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Premiumplay Codec-C: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Veoh Web Player Video Finder: [email protected] - c:\program files\Veoh Networks\VeohWebPlayer\FFVideoFinder
FF - Ext: Move Media Player: [email protected] - c:\users\pamarj1\AppData\Roaming\Move Networks
FF - Ext: XULRunner: {7AF6830F-D3D8-4973-BA4D-74783BE69F62} - c:\users\pamarj1\AppData\Local\{7AF6830F-D3D8-4973-BA4D-74783BE69F62}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Splashtop Remote: [email protected] - c:\program files\Splashtop\Splashtop Remote\Server\plugin\FFExtensions
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8oCjuYer&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 2ac6db57000000000000001b77cdb69d
FF - user.js: extensions.incredibar_i.instlDay - 15431
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1413:34
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef - 
FF - user.js: extensions.incredibar_i.dfltLng - 
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id - 
FF - user.js: extensions.incredibar_i.upn2 - 6R8oCjuYer
FF - user.js: extensions.incredibar_i.upn2n - 92824116097263855
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10606
FF - user.js: extensions.incredibar_i.ppd - 5
.
.
**************************************************************************
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3616)
c:\windows\system32\APSHook.dll
c:\program files\Bioscrypt\VeriSoft\Bin\ItClient.dll
c:\progra~1\ASUS\ASUSWE~1\30102~1.211\ASUSWS~1.DLL
c:\program files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
c:\program files\ASUS\ASUS WebStorage\3.0.102.211\LogicNP.EZNamespaceExtensions.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Windows Live\Family Safety\fsssvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\lxdkcoms.exe
c:\program files\National Instruments\MAX\nimxs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Splashtop\Splashtop Remote\Server\SRService.exe
c:\program files\Splashtop\Splashtop Software Updater\SSUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
c:\program files\Splashtop\Splashtop Remote\Server\SRServer.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\wsqmcons.exe
.
**************************************************************************
.
Completion time: 2012-04-23 18:48:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-23 23:45
ComboFix2.txt 2012-04-20 00:56
ComboFix3.txt 2012-04-06 02:18
.
Pre-Run: 9,596,395,520 bytes free
Post-Run: 9,050,886,144 bytes free
.
- - End Of File - - AFD520C3D2300A12EDFBDD94EB0F8CE9


----------



## Cookiegal (Aug 27, 2003)

Did you install this intentionally?

Premiumplay Codec-C


----------



## ajpnsld (Apr 11, 2012)

Yes, I installed it to play a video.


----------



## Cookiegal (Aug 27, 2003)

*Download and scan with* *SUPERAntiSpyware* Free for Home Users
Double-click *SUPERAntiSpyware.exe* and use the default settings for installation. 
An icon will be created on your desktop. Double-click that icon to launch the program. 
If asked to update the program definitions, click "*Yes*". If not, update the definitions before scanning by selecting "*Check for Updates*". (_If you encounter any problems while downloading the updates, manually download and unzip them from here._) 
Under "*Configuration and Preferences*", click the *Preferences* button. 
Click the *Scanning Control* tab. 
Under *Scanner Options* make sure the following are checked _(leave all others unchecked)_:
_Close browsers before scanning._ 
_Scan for tracking cookies._ 
_Terminate memory threats before quarantining._

Click the "*Close*" button to leave the control center screen. 
Back on the main screen, under "*Scan for Harmful Software*" click *Scan your computer*. 
On the left, make sure you check *C:\Fixed Drive*. 
On the right, under "*Complete Scan*", choose *Perform Complete Scan*. 
Click "*Next*" to start the scan. Please be patient while it scans your computer. 
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "*OK*". 
Make sure everything has a checkmark next to it and click "*Next*". 
A notification will appear that "_Quarantine and Removal is Complete_". Click "*OK*" and then click the "*Finish*" button to return to the main menu. 
If asked if you want to reboot, click "*Yes*". 
To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
_Click *Preferences*, then click the *Statistics/Logs* tab._ 
_Under Scanner Logs, double-click *SUPERAntiSpyware Scan Log*._ 
_If there are several logs, click the current dated log and press *View log*. A text file will open in your default text editor._ 
*Please copy and paste the Scan Log results in your next reply.*

Click *Close* to exit the program.


----------



## ajpnsld (Apr 11, 2012)

Hi Cookiegal

I have attached the log in two replies because of an error I get when I post it in one go.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/24/2012 at 05:59 PM

Application Version : 5.0.1146

Core Rules Database Version : 8506
Trace Rules Database Version: 6318

Scan type : Quick Scan
Total Scan Time : 00:30:01

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 1 (Build 6.00.6001)
UAC On - Limited User (Administrator User)

Memory items scanned : 750
Memory threats detected : 0
Registry items scanned : 27966
Registry threats detected : 0
File items scanned : 12307
File threats detected : 577

Rogue.AntiMalwareDoctor
C:\Users\pamarj1\AppData\Roaming\36F860A254720FDB0B7773C83A3C5541

Adware.Tracking Cookie


----------



## ajpnsld (Apr 11, 2012)

second half of the log

Thanks a Lot!



----------



## Cookiegal (Aug 27, 2003)

Open Notepad and copy and paste the text in the code box below into it:


```
File::
c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\user.js
C:\user.js

Firefox::
FF - ProfilePath - c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8oCjuYer&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 2ac6db57000000000000001b77cdb69d
FF - user.js: extensions.incredibar_i.instlDay - 15431
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1413:34
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef - 
FF - user.js: extensions.incredibar_i.dfltLng - 
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id - 
FF - user.js: extensions.incredibar_i.upn2 - 6R8oCjuYer
FF - user.js: extensions.incredibar_i.upn2n - 92824116097263855
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10606
FF - user.js: extensions.incredibar_i.ppd - 5
```
Save the file to your desktop and name it CFScript.txt

Referring to the picture below, drag CFScript.txt into ComboFix.exe










This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

*Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.*
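The `FF - user.js:` lines in the script above can be reviewed before anything is deleted. The following read-only triage helper is an added example, not part of the helper's instructions and not ComboFix code: it parses lines in that layout, groups the preferences by namespace, and lists the ones whose value is a URL. The function names and the grouping by the first two dotted components are assumptions of this example, and the sample input is constructed from lines shown above plus one constructed `browser.startup.page` line.

```python
import re
from collections import defaultdict

# One "FF - user.js:" line in the layout shown in the script above.
# The value part may be empty (e.g. "... instlRef - ").
LINE_RE = re.compile(r"^FF - user\.js: (?P<pref>\S+) -(?: (?P<value>.*))?$")

# Defanged (hxxp) and live schemes both count as a URL-valued preference.
URL_RE = re.compile(r"^(?:hxxps?|https?)://", re.IGNORECASE)


def parse_user_js_lines(log_text):
    """Return (pref, value) pairs for every 'FF - user.js:' line; skip the rest."""
    prefs = []
    for raw in log_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if match:
            prefs.append((match.group("pref"), (match.group("value") or "").strip()))
    return prefs


def summarize(prefs):
    """Group prefs by namespace and collect the URL-valued ones for review.

    Namespace = first two dotted components of the pref name (an assumption of
    this example), so 'extensions.incredibar_i.newTab' -> 'extensions.incredibar_i'.
    """
    groups = defaultdict(lambda: {"count": 0, "empty": 0, "urls": []})
    for pref, value in prefs:
        namespace = ".".join(pref.split(".")[:2])
        group = groups[namespace]
        group["count"] += 1
        if not value:
            group["empty"] += 1
        elif URL_RE.match(value):
            group["urls"].append((pref, value))
    return dict(groups)


# Constructed sample: lines copied from the script above, plus one constructed
# line from another namespace to show the grouping.
SAMPLE_LOG = r"""Firefox::
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8oCjuYer&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: browser.startup.page - 1
"""

if __name__ == "__main__":
    for namespace, info in summarize(parse_user_js_lines(SAMPLE_LOG)).items():
        print(f"{namespace}: {info['count']} prefs, {info['empty']} empty")
        for pref, url in info["urls"]:
            print(f"  URL-valued: {pref} -> {url}")
```
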


----------



## ajpnsld (Apr 11, 2012)

Hi Cookiegal

Here's the latest log

ComboFix 12-04-19.02 - pamarj1 04/25/2012 17:37:44.4.2 - x86
Microsoft® Windows Vista Home Premium 6.0.6001.1.1252.1.1033.18.2038.931 [GMT -5:00]
Running from: c:\users\pamarj1\Desktop\puppy.exe.exe
Command switches used :: c:\users\pamarj1\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- REDUCED FUNCTIONALITY MODE -
.
FILE ::
"C:\user.js"
"c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\user.js"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\user.js
c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\user.js
.
.
((((((((((((((((((((((((( Files Created from 2012-03-25 to 2012-04-25 )))))))))))))))))))))))))))))))
.
.
2012-04-25 22:41 . 2012-04-25 22:41	--------	d-----w-	c:\users\pamarj1\AppData\Local\temp
2012-04-25 22:41 . 2012-04-25 22:41	--------	d-----w-	c:\users\Guest\AppData\Local\temp
2012-04-25 22:41 . 2012-04-25 22:41	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-04-25 22:41 . 2012-04-25 22:41	--------	d-----w-	c:\users\257\AppData\Local\temp
2012-04-25 22:32 . 2012-04-25 22:32	29904	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{316ADD0B-2033-4FA1-8454-DB6D2F9EE521}\MpKsl060a9517.sys
2012-04-25 22:32 . 2012-04-25 22:32	56200	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{316ADD0B-2033-4FA1-8454-DB6D2F9EE521}\offreg.dll
2012-04-25 22:27 . 2012-04-25 22:27	--------	d-----w-	c:\program files\WinMerge
2012-04-24 23:26 . 2012-04-13 07:36	6734704	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{316ADD0B-2033-4FA1-8454-DB6D2F9EE521}\mpengine.dll
2012-04-24 22:26 . 2012-04-24 22:26	--------	d-----w-	c:\users\pamarj1\AppData\Roaming\SUPERAntiSpyware.com
2012-04-24 22:25 . 2012-04-24 22:26	--------	d-----w-	c:\program files\SUPERAntiSpyware
2012-04-24 22:25 . 2012-04-24 22:25	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2012-04-06 01:31 . 2012-04-20 00:22	--------	d-----w-	C:\ComboFix
2012-04-01 19:05 . 2012-04-01 19:05	--------	d-----w-	c:\programdata\Premium
2012-04-01 19:01 . 2012-04-01 19:01	--------	d-----w-	c:\users\pamarj1\AppData\Local\Premiumplay Codec-C
2012-04-01 19:01 . 2012-04-01 19:01	--------	d-----w-	c:\program files\Premiumplay Codec-C
2012-04-01 19:00 . 2012-04-01 19:00	--------	d-----w-	C:\codec-info
2012-04-01 18:45 . 2012-04-01 18:45	418464	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-04-01 18:31 . 2012-04-01 19:05	--------	d-----w-	c:\programdata\InstallMate
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 07:36 . 2011-04-02 01:29	6734704	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-01 18:45 . 2011-06-30 22:49	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-24 01:53 . 2012-02-24 02:00	713784	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5D32082A-F433-45EC-9E2D-1A4F880398CE}\gapaengine.dll
2012-02-07 16:02 . 2012-02-07 16:02	1070352	----a-w-	c:\windows\system32\MSCOMCTL.OCX
2012-01-31 12:44 . 2009-10-02 17:16	237072	------w-	c:\windows\system32\MpSigStub.exe
2007-02-08 16:48 . 2007-02-08 16:48	133920	----a-w-	c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2009-06-24 01:41 . 2009-06-24 01:41	158720	----a-w-	c:\program files\internet explorer\plugins\LV90ActiveXControl.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
"Plex Media Server"="c:\program files\Plex\Plex Media Server\Plex Media Server.exe" [2011-07-27 2495056]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-22 39408]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-12-28 937360]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-12-28 21392]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-14 221184]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 4390912]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe" [2010-07-06 240480]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-12-28 3508624]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-05 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-05 150552]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-14 81920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
.
c:\users\pamarj1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54	551296	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06	976832	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04	35760	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Sync Loader]
2011-05-11 19:14	638976	----a-w-	c:\program files\ASUS\ASUS Sync\asusUPCTLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSWebStorage]
2011-06-08 07:09	737104	----a-w-	c:\program files\ASUS\ASUS WebStorage\3.0.102.211\AsusWSPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-11-13 14:14	323392	----a-w-	c:\users\pamarj1\Program Files\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2007-01-10 11:59	115816	----a-w-	c:\program files\Common Files\Symantec Shared\ccApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2010-01-19 23:55	50520	----a-w-	c:\users\pamarj1\AppData\Roaming\mjusbsp\cdloader2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CognizanceTS]
2003-12-22 18:12	17920	----a-r-	c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57	369200	----a-w-	c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2011-11-06 04:55	137536	----atw-	c:\users\pamarj1\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
2007-12-17 17:12	243240	----a-w-	c:\program files\Windows Live\Family Safety\fssui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-11-02 13:57	135664	----atw-	c:\users\pamarj1\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22	3739648	----a-w-	c:\users\pamarj1\AppData\Roaming\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-27 00:36	30040	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-03-05 17:06	173592	----a-w-	c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-10-09 12:58	75008	----a-w-	c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-06-05 00:03	186904	----a-w-	c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-03-05 17:06	141848	----a-w-	c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-09-10 22:40	289576	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdkamon]
2007-06-01 13:06	20480	----a-w-	c:\program files\Lexmark 5300 Series\lxdkamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdkmon.exe]
2007-06-22 08:17	455344	----a-w-	c:\program files\Lexmark 5300 Series\lxdkmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2008-11-06 03:59	4347120	----a-w-	c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-10-18 17:34	5724184	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-03-05 17:06	150552	----a-w-	c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2007-02-13 18:38	159744	----a-w-	c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-04-24 01:11	176128	----a-w-	c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 20:09	413696	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBC_McciTrayApp]
2007-02-28 19:35	1011200	----a-w-	c:\program files\SBC\update\SST.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-19 07:33	1233920	----a-w-	c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2007-01-17 04:34	634880	----a-w-	c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-09-18 19:27	149280	----a-w-	c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-22 03:14	39408	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2010-07-06 14:01	2634048	----a-w-	c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-04-10 17:29	37888	----a-w-	c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2008-11-06 03:59	4347120	----a-w-	c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 253600]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
*NewlyCreated* - MPKSL060A9517
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance	REG_MULTI_SZ ASBroker ASChannel
vvdsvc	REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 18:45]
.
2007-12-07 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 17:20]
.
2012-04-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000Core.job
- c:\users\pamarj1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-06 04:55]
.
2012-04-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000UA.job
- c:\users\pamarj1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-06 04:55]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-02 18:52]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-02 18:52]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000Core.job
- c:\users\pamarj1\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-23 13:57]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000UA.job
- c:\users\pamarj1\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-23 13:57]
.
2010-05-20 c:\windows\Tasks\Install.job
- c:\windows\System32\Adobe\Shockwave 11\nssstub.exe [2010-04-26 20:47]
.
2012-04-24 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - pamarj1.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-14 15:09]
.
2012-04-25 c:\windows\Tasks\User_Feed_Synchronization-{34847377-100D-4463-974F-5B7367A54440}.job
- c:\windows\system32\msfeedssync.exe [2011-06-15 04:32]
.
2012-04-25 c:\windows\Tasks\User_Feed_Synchronization-{F0F613CC-5E98-44FA-A517-ADA9B4C45F95}.job
- c:\windows\system32\msfeedssync.exe [2011-06-15 04:32]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DMDTDF&PC=VEOH&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Premiumplay Codec-C: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Veoh Web Player Video Finder: [email protected] - c:\program files\Veoh Networks\VeohWebPlayer\FFVideoFinder
FF - Ext: Move Media Player: [email protected] - c:\users\pamarj1\AppData\Roaming\Move Networks
FF - Ext: XULRunner: {7AF6830F-D3D8-4973-BA4D-74783BE69F62} - c:\users\pamarj1\AppData\Local\{7AF6830F-D3D8-4973-BA4D-74783BE69F62}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Splashtop Remote: [email protected] - c:\program files\Splashtop\Splashtop Remote\Server\plugin\FFExtensions
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-25 17:41
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-04-25 17:46:35
ComboFix-quarantined-files.txt 2012-04-25 22:46
ComboFix2.txt 2012-04-23 23:48
ComboFix3.txt 2012-04-20 00:56
ComboFix4.txt 2012-04-06 02:18
.
Pre-Run: 7,307,751,424 bytes free
Post-Run: 7,324,299,264 bytes free
.
- - End Of File - - 61603FACCAF5F6D1FEEFE1F7C075359F


----------



## Cookiegal (Aug 27, 2003)

Please run the following on-line scanner. Note that you must use Internet Explorer to perform the scan.

Note: If you're running a 64-bit system you have to choose the 32-bit option in IE. To do that, go to the Start Menu and right-click the Internet Explorer (32-bit) icon and then select 'Run as administrator' from the right-click menu.

http://www.eset.com/online-scanner

Accept the Terms of Use and then press the Start button

Allow the ActiveX control to be installed.

Put a check by Remove found threats and then run the scan.

When the scan is finished, you will see the results in a window.

A log.txt file is created here: C:\Program Files\EsetOnlineScanner\log.txt.

Open the log file with Notepad and copy and paste the contents here please.


----------



## ajpnsld (Apr 11, 2012)

Hi Cookiegal

I ran the eset online scanner. The log file (C:\Program Files\ESET\ESET Online Scanner) had only these two lines in it,


[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK

The window after running said "3 Threats found, 3 Threats removed"

Is there another location I should be looking at?


----------



## Cookiegal (Aug 27, 2003)

I don't know what happened there. Let's run another one:

Please run the *F-Secure Online Scanner*

Note: *You must use Internet Explorer for this scan!*


Accept the License Agreement. 
Once the ActiveX installs click *Full System Scan* 
Once the download completes, the scan will begin automatically. 
The scan will take some time to finish, so please be patient. 
When the scan completes, click the *Automatic cleaning (recommended)* button. 
Click the *Show Report* button and copy and paste the entire report in your next reply.


----------



## ajpnsld (Apr 11, 2012)

*Scanning Report*

*Saturday, April 28, 2012 17:16:02 - 23:01:03*

Computer name: PAMARJ1-PC
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\ D:\ 
*17 malware found*

TrackingCookie.Adinterax (spyware)
- System (Disinfected)

TrackingCookie.2o7 (spyware)
- System (Disinfected)

TrackingCookie.Atdmt (spyware)
- System (Disinfected)

TrackingCookie.Doubleclick (spyware)
- System (Disinfected)

TrackingCookie.Admeta (spyware)
- System (Disinfected)

TrackingCookie.Specificclick (spyware)
- System (Disinfected)

TrackingCookie.Adrevolver (spyware)
- System (Disinfected)

TrackingCookie.Fastclick (spyware)
- System (Disinfected)

TrackingCookie.Adbrite (spyware)
- System (Disinfected)

TrackingCookie.Xiti (spyware)
- System (Disinfected)

TrackingCookie.Webtrends (spyware)
- System (Disinfected)

TrackingCookie.Mediaplex (spyware)
- System (Disinfected)

TrackingCookie.Liveperson (spyware)
- System (Disinfected)

TrackingCookie.Statcounter (spyware)
- System (Disinfected)

TrackingCookie.Atwola (spyware)
- System (Disinfected)

TrackingCookie.Yieldmanager (spyware)
- System (Disinfected)

TrackingCookie.BlueStreak (spyware)
- System (Disinfected)

*Statistics*

Scanned:
- Files: 131194
- System: 5266
- Not scanned: 44

Actions:
- Disinfected: 17
- Renamed: 0
- Deleted: 0
- Not cleaned: 0
- Submitted: 0
Files not scanned:




----------



## Cookiegal (Aug 27, 2003)

Please post a new HijackThis log and let me know if the problem has gone away.


----------



## ajpnsld (Apr 11, 2012)

Hi,

When I ran HijackThis I got a message saying that it is unable to access the 'hosts' file. Following is the log:
----------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:10:03 PM, on 4/29/2012
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19088)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10o_ActiveX.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Users\pamarj1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\pamarj1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\pamarj1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\pamarj1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\wuauclt.exe
C:\Users\pamarj1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\pamarj1\Desktop\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [!BingBar] "C:\Program Files\Microsoft\BingBar\7.1.361.0\MUExe\7.1.361.0\BingBarSetup-Partner.EXE" /C:"BBSetup.exe cabLocation=.\BingBarPartnerConfig.cab ismu=2"
O4 - HKCU\..\Run: [Desktop Software] "C:\Program Files\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
O4 - HKCU\..\Run: [Plex Media Server] "C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10o_ActiveX.exe -update activex
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.ooxtv.com/livetv.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} (Photo Upload Plugin Class) - http://www.cvsphoto.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\Windows\System32\APSHook.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\system32\lkcitdl.exe
O23 - Service: lxdkCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdkserv.exe
O23 - Service: lxdk_device - - C:\Windows\system32\lxdkcoms.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Splashtop® Remote Service (SplashtopRemoteService) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
O23 - Service: Splashtop Software Updater Service (SSUService) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 15580 bytes


----------



## ajpnsld (Apr 11, 2012)

The incredibar virus problem is still there.


----------



## Cookiegal (Aug 27, 2003)

Where are you seeing it?


----------



## ajpnsld (Apr 11, 2012)

Hi Cookiegal,

Thanks a lot for your help. The virus is cleared from Firefox and Internet Explorer. It is still active in Chrome. Whenever I type any search string in the Chrome browser, this is the site it redirects me to:

http://search.incredibar.com/?q=asd...6097263855&a=6R8oCjuYer&i=26&cid=1&uloc=mb119


----------



## Cookiegal (Aug 27, 2003)

Download *OTL* to your Desktop. 

Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
Click the Quick Scan button. Do not change any settings unless otherwise instructed. The scan won't take long. 
When the scan completes, it will open two Notepad windows called *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy and paste the contents of both of these files here in your next reply.


----------



## ajpnsld (Apr 11, 2012)

"OTL.txt" log file is below:

OTL logfile created on: 4/30/2012 9:36:29 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\pamarj1\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 53.56% Memory free
4.22 Gb Paging File | 2.76 Gb Available in Paging File | 65.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.50 Gb Total Space | 6.33 Gb Free Space | 6.11% Space Free | Partition Type: NTFS
Drive D: | 8.29 Gb Total Space | 1.83 Gb Free Space | 22.09% Space Free | Partition Type: NTFS

Computer Name: PAMARJ1-PC | User Name: pamarj1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/30 21:35:44 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\pamarj1\Desktop\OTL.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,258,712 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/03/07 16:27:25 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/12/28 00:21:08 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/07/26 22:18:26 | 000,033,360 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe
PRC - [2011/03/30 20:56:06 | 000,406,856 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
PRC - [2011/03/30 20:55:58 | 002,182,984 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe
PRC - [2011/03/07 21:39:36 | 000,341,832 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
PRC - [2009/06/15 21:44:40 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\MAX\nimxs.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/02/16 12:38:54 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2007/06/14 08:15:34 | 000,598,960 | ---- | M] ( ) -- C:\Windows\System32\lxdkcoms.exe
PRC - [2007/03/09 12:50:02 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/02/07 09:30:00 | 000,065,536 | R--- | M] (Cognizance Corporation) -- c:\Program Files\Bioscrypt\VeriSoft\Bin\asghost.exe
PRC - [2007/01/10 06:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/01/05 23:04:10 | 000,554,616 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/01/05 09:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
PRC - [2004/06/14 17:18:08 | 000,471,040 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/25 18:43:01 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/04/25 18:43:01 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/04/24 17:26:58 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/04/24 17:26:57 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/07/26 22:19:38 | 000,032,848 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
MOD - [2011/07/26 22:19:36 | 000,044,112 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
MOD - [2011/07/26 22:19:36 | 000,016,976 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
MOD - [2011/07/26 22:19:34 | 000,195,664 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\lxml\objectify.pyd
MOD - [2011/07/26 22:19:34 | 000,057,424 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
MOD - [2011/07/26 22:19:32 | 000,841,296 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\lxml\etree.pyd
MOD - [2011/07/26 22:19:30 | 000,824,912 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_ssl.pyd
MOD - [2011/07/26 22:19:30 | 000,049,744 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_socket.pyd
MOD - [2011/07/26 22:19:28 | 000,033,360 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_multiprocessing.pyd
MOD - [2011/07/26 22:19:26 | 000,365,648 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_hashlib.pyd
MOD - [2011/07/26 22:19:26 | 000,131,152 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_elementtree.pyd
MOD - [2011/07/26 22:19:24 | 000,093,776 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_ctypes.pyd
MOD - [2011/07/26 22:19:22 | 000,589,904 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\unicodedata.pyd
MOD - [2011/07/26 22:19:22 | 000,016,976 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\select.pyd
MOD - [2011/07/26 22:19:20 | 000,134,224 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\pyexpat.pyd
MOD - [2011/07/26 22:19:00 | 000,173,136 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\libxslt.dll
MOD - [2011/07/26 22:18:58 | 001,009,744 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\libxml2.dll
MOD - [2011/07/26 22:18:56 | 000,063,056 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\libexslt.dll
MOD - [2011/07/26 22:18:26 | 000,033,360 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe
MOD - [2011/06/23 04:07:10 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll
MOD - [2011/06/23 04:02:06 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/03/29 05:55:05 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011/01/19 05:48:35 | 003,182,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2010/09/02 06:08:00 | 000,118,784 | ---- | M] () -- C:\Program Files\ASUS\ASUS WebStorage\3.0.102.211\AsusWSShellExt.dll
MOD - [2009/03/01 21:08:04 | 000,003,584 | ---- | M] () -- C:\Program Files\ASUS\ASUS WebStorage\3.0.102.211\LogicNP.PropSheetExtensionHelper.dll
MOD - [2008/10/13 17:26:58 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2008/07/27 13:03:15 | 000,626,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2008/07/27 13:03:14 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2008/07/27 13:03:12 | 000,659,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/04/01 13:45:48 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/03/30 20:56:06 | 000,406,856 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2011/03/07 21:39:36 | 000,341,832 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/23 14:29:48 | 000,740,968 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)
SRV - [2009/06/23 12:23:14 | 001,007,616 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2009/06/18 08:01:50 | 000,356,912 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2009/06/18 07:57:28 | 000,042,544 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Windows\System32\lkads.exe -- (lkClassAds)
SRV - [2009/06/18 07:56:32 | 000,053,296 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Windows\System32\lktsrv.exe -- (lkTimeSync)
SRV - [2009/06/15 21:44:40 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\MAX\nimxs.exe -- (mxssvr)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/06/04 05:14:28 | 000,013,896 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Windows\System32\nisvcloc.exe -- (niSvcLoc)
SRV - [2009/06/03 11:26:34 | 000,098,304 | ---- | M] (OPC Foundation) [Disabled | Stopped] -- C:\Windows\System32\Opcenum.exe -- (OpcEnum)
SRV - [2008/10/31 15:52:54 | 000,695,136 | ---- | M] (National Instruments, Inc.) [On_Demand | Stopped] -- C:\Windows\System32\lkcitdl.exe -- (LkCitadelServer)
SRV - [2008/02/16 12:38:54 | 001,251,720 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/01/29 18:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/14 08:15:34 | 000,598,960 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdkcoms.exe -- (lxdk_device)
SRV - [2007/06/14 08:15:24 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdkserv.exe -- (lxdkCATSCustConnectService)
SRV - [2007/04/23 20:11:44 | 000,106,593 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007/04/23 20:11:42 | 000,262,243 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007/02/07 09:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- c:\Program Files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2007/01/14 08:11:06 | 000,080,504 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2007/01/13 04:40:58 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/01/10 06:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2007/01/10 06:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007/01/10 06:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007/01/10 06:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/01/05 23:04:10 | 002,918,008 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/01/05 23:04:10 | 000,554,616 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/01/05 09:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - [2006/06/22 02:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- c:\Program Files\Bioscrypt\VeriSoft\Bin\ASChnl.dll -- (ASChannel)
SRV - [2006/03/24 16:34:04 | 001,294,336 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\Ansys Inc\Shared Files\Licensing\intel\lmgrd.exe -- (ANSYS FLEXlm license manager)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\pamarj1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (abejrzfa)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/12/07 23:22:38 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2011/12/07 23:22:38 | 000,080,184 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/12/17 04:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110319.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/12/17 04:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110319.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/06/17 03:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/06/04 03:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/07 21:54:45 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/12/25 22:16:55 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/05/22 11:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cvintdrv.sys -- (cvintdrv)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/12/01 00:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/12/01 00:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/12/01 00:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/11/06 11:07:18 | 000,180,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20071122.002\IDSvix86.sys -- (IDSvix86)
DRV - [2007/04/14 02:49:32 | 000,418,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/04/03 14:59:30 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616bus.sys -- (s616bus) Sony Ericsson Device 616 driver (WDM)
DRV - [2007/03/28 11:44:22 | 000,140,424 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/03/05 16:28:00 | 000,076,288 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/03/01 07:49:58 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/02/24 09:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 12:03:28 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/01/23 11:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/01/16 23:38:52 | 000,983,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2007/01/09 23:32:14 | 000,191,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2007/01/09 23:32:14 | 000,145,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symfw.sys -- (SYMFW)
DRV - [2007/01/09 23:32:14 | 000,040,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symids.sys -- (SYMIDS)
DRV - [2007/01/09 23:32:14 | 000,038,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symndisv.sys -- (SYMNDISV)
DRV - [2007/01/09 23:32:14 | 000,027,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2007/01/09 23:32:14 | 000,012,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symdns.sys -- (SYMDNS)
DRV - [2006/11/30 12:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/02 02:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006/06/28 11:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{896DB260-1B30-4FF3-B10E-B4961151320C}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{9FD89D22-C60B-4BC2-A131-284E0D766A35}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{A281B9DD-CB64-448D-A1EA-10A689AD2918}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVDUS7
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 C5 78 30 68 23 CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{102266F6-EE4B-4F61-B7CF-5CAD12A85595}: "URL" = http://local.yahoo.com/results?stx={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{1FDCD3CD-BAC0-4EFD-94CC-99CEE205D94F}: "URL" = http://images.search.yahoo.com/search/images?p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{4F4F3347-4DD6-4602-94EA-1614B7935E8C}: "URL" = http://shopping.yahoo.com/search?p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{61019A01-5835-47A7-93CF-BEAA83DDC44F}: "URL" = http://answers.yahoo.com/search/search_result?p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{896DB260-1B30-4FF3-B10E-B4961151320C}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKCU\..\SearchScopes\{9384583D-5916-4897-9F46-6C3D989C9917}: "URL" = http://www.bing.com/search?FORM=DMDTDF&PC=VEOH&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{97181CDC-24B1-4748-9601-65BBAC502816}: "URL" = http://news.search.yahoo.com/search/news?p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{9FD89D22-C60B-4BC2-A131-284E0D766A35}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKCU\..\SearchScopes\{A281B9DD-CB64-448D-A1EA-10A689AD2918}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVDUS7
IE - HKCU\..\SearchScopes\{ADD6BEC9-F897-4477-9B4B-F56FF9288C2B}: "URL" = http://video.yahoo.com/video/search?p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb119/?search={searchTerms}&loc=IB_DS&a=6R8oCjuYer&i=26
IE - HKCU\..\SearchScopes\Comcast: "URL" = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=DMDTDF&PC=VEOH&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:1.4
FF - prefs.js..extensions.enabledItems: {7AF6830F-D3D8-4973-BA4D-74783BE69F62}:1.9.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.5332
FF - prefs.js..extensions.enabledItems: [email protected]:0.78.35
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\pamarj1\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\pamarj1\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\pamarj1\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\pamarj1\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\pamarj1\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\pamarj1\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\pamarj1\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\Firefox [2010/10/31 02:45:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/11/01 03:04:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Splashtop\Splashtop Remote\Server\plugin\FFExtensions [2011/07/27 00:20:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/01 13:33:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/01 13:33:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2008/12/20 04:44:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\pamarj1\AppData\Roaming\Move Networks [2009/10/27 13:23:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\pamarj1\Program Files\DNA [2010/01/14 12:10:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{7AF6830F-D3D8-4973-BA4D-74783BE69F62}: C:\Users\pamarj1\AppData\Local\{7AF6830F-D3D8-4973-BA4D-74783BE69F62} [2010/10/12 19:24:04 | 000,000,000 | ---D | M]

[2008/12/18 23:20:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Extensions
[2012/04/28 23:41:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions
[2011/12/10 11:48:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/10 11:48:19 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2007/12/07 22:03:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/12/10 11:48:27 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012/04/01 14:01:22 | 000,000,000 | ---D | M] ("Premiumplay Codec-C") -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]
[2009/04/27 22:44:47 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]
[2009/03/17 18:58:47 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]
[2010/11/14 00:10:35 | 000,001,832 | ---- | M] () -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\searchplugins\bing.xml
[2012/04/01 13:34:03 | 000,002,203 | ---- | M] () -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\searchplugins\MyStart Search.xml
[2012/04/29 23:22:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/27 00:20:38 | 000,000,000 | ---D | M] (Splashtop Remote) -- C:\PROGRAM FILES\SPLASHTOP\SPLASHTOP REMOTE\SERVER\PLUGIN\FFEXTENSIONS
[2008/12/20 04:44:19 | 000,000,000 | ---D | M] (Veoh Web Player Video Finder) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOHWEBPLAYER\FFVIDEOFINDER
[2010/10/12 19:24:04 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\PAMARJ1\APPDATA\LOCAL\{7AF6830F-D3D8-4973-BA4D-74783BE69F62}
[2009/10/27 13:23:27 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\PAMARJ1\APPDATA\ROAMING\MOVE NETWORKS
[2007/08/29 16:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2007/02/08 11:48:16 | 000,028,448 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\NPLV82Win32.dll
[2009/06/23 20:40:40 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\nplv90win32.dll
[2011/11/01 16:55:05 | 000,001,692 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\comcast.xml

========== Chrome ==========

CHR - default_search_provider: MyStart Search (Enabled)
CHR - default_search_provider: search_url = http://mystart.incredibar.com/mb119/?loc=IB_DS&search={searchTerms}&a=6R8oCjuYer&i=26
CHR - default_search_provider: suggest_url = 
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\pamarj1\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\pamarj1\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\pamarj1\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: HP Product Detection Plugin for Mozilla (Enabled) = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\plugins/npProductDetectPlugin.dll
CHR - plugin: HP Active Check Plugin (Enabled) = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\plugins/npAclmPlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.150.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U15 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: BitTorrent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
CHR - plugin: DivX\u00AE Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: National Instruments LabVIEW 8.2 Netscape Plug-in for Windows (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPLV82Win32.dll
CHR - plugin: National Instruments LabVIEW 9.0 Netscape Plug-in for Windows (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nplv90win32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\pamarj1\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\pamarj1\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: MSN\u00AE Toolbar (Enabled) = C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: Veoh Web Player Beta (Enabled) = C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\pamarj1\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\pamarj1\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Entanglement = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Angry Birds = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Word Search Puzzle = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\alcobafdkcddhiabfgnongafffchimnl\1.2_0\
CHR - Extension: SKiD Racer = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhoaojooagiaaiidlnfhkkafjpbbnnno\0.0.0.37_0\
CHR - Extension: WGT Golf Challenge = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcilimldmomiaihcfkmaldanopfejefg\32.1.0_0\
CHR - Extension: Final Fight = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpegianedjonaeafilbagbcbcimjifai\0.0.0.1_0\
CHR - Extension: AdBlock = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.32_0\
CHR - Extension: Monster Truck Racing = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjmcfmephihmhendkenhfmnkfoakedhi\1.0_0\
CHR - Extension: Air Hockey = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcchbhjknakkndfpdbapmdkhbbgojkno\2.0_0\
CHR - Extension: Codec-V = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.17.48_0\
CHR - Extension: Steambirds: Survival = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcdhpokmalcfjnfkjlfncgekebcojinn\1.0_0\
CHR - Extension: WarTime = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkobmjibnppfleogmodpjgocgdbdiikp\1.23_0\
CHR - Extension: Poppit = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Google Play Books = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb\1.1.3_0\
CHR - Extension: HP Product Detection Plugin = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\
CHR - Extension: Crusader Tank = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpegcjgnjllooimlcfdnphhccfnmhfem\1.2.0_0\
CHR - Extension: Baseball (Deluxe) = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbbmhkhnoadhdceaokdofknafciecdea\2.1_0\

O1 HOSTS File: ([2012/04/25 17:41:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (VeriSoft Access Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKCU..\Run: [Desktop Software] C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [Plex Media Server] C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [!BingBar] C:\Program Files\Microsoft\BingBar\7.1.361.0\MUExe\7.1.361.0\BingBarSetup-Partner.EXE (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10o_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} http://www.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} http://www.ooxtv.com/livetv.ocx (KooPlayer Control)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.cvsphoto.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00F5FC4A-1ADF-4AC4-8EB4-B213ADBF5159}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AAECF98D-936B-4CB8-9F10-9B1C41375907}: DhcpNameServer = 68.87.72.134 68.87.77.134
O20 - AppInit_DLLs: (C:\Windows\System32\APSHook.dll) - C:\Windows\System32\APSHook.dll (Cognizance Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/23 07:05:45 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/30 21:35:22 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\pamarj1\Desktop\OTL.exe
[2012/04/28 17:16:05 | 000,000,000 | ---D | C] -- C:\Users\pamarj1\AppData\Roaming\f-secure
[2012/04/28 17:15:32 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2012/04/25 23:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/04/25 18:38:09 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/25 17:46:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/25 17:46:37 | 000,000,000 | ---D | C] -- C:\Users\pamarj1\AppData\Local\temp
[2012/04/25 17:33:46 | 000,000,000 | ---D | C] -- C:\puppy.exe
[2012/04/25 17:27:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMerge
[2012/04/25 17:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\WinMerge
[2012/04/24 17:26:26 | 000,000,000 | ---D | C] -- C:\Users\pamarj1\AppData\Roaming\SUPERAntiSpyware.com
[2012/04/24 17:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/04/24 17:25:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/04/24 17:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/04/23 18:06:03 | 000,000,000 | ---D | C] -- C:\puppy.exe20967p
[2012/04/19 19:13:41 | 004,468,852 | R--- | C] (Swearware) -- C:\Users\pamarj1\Desktop\puppy.exe.exe
[2012/04/12 20:45:57 | 000,000,000 | ---D | C] -- C:\Users\pamarj1\Desktop\antivirus
[2012/04/12 20:45:45 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\pamarj1\Desktop\HijackThis.exe
[2012/04/05 20:32:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/05 20:32:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/05 20:32:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/05 20:31:57 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/05 20:31:54 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/04/05 20:29:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/01 14:05:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012/04/01 14:01:22 | 000,000,000 | ---D | C] -- C:\Users\pamarj1\AppData\Local\Premiumplay Codec-C
[2012/04/01 14:01:12 | 000,000,000 | ---D | C] -- C:\Program Files\Premiumplay Codec-C
[2012/04/01 14:00:54 | 000,000,000 | ---D | C] -- C:\codec-info
[2012/04/01 13:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/30 21:45:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{34847377-100D-4463-974F-5B7367A54440}.job
[2012/04/30 21:43:00 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F0F613CC-5E98-44FA-A517-ADA9B4C45F95}.job
[2012/04/30 21:42:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000UA.job
[2012/04/30 21:35:44 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\pamarj1\Desktop\OTL.exe
[2012/04/30 21:31:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/30 18:01:01 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000UA.job
[2012/04/30 17:18:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/30 17:15:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/29 23:02:40 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/29 23:02:39 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/29 03:08:28 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/04/29 03:07:00 | 000,609,800 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/29 03:07:00 | 000,106,324 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/29 00:01:03 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000Core.job
[2012/04/28 22:42:04 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000Core.job
[2012/04/28 19:17:26 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/26 20:00:02 | 000,000,550 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - pamarj1.job
[2012/04/25 18:38:00 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/25 17:41:48 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/04/24 17:25:51 | 000,001,760 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/20 21:26:58 | 000,002,296 | ---- | M] () -- C:\Users\pamarj1\Desktop\CFScript.rtf
[2012/04/19 19:13:05 | 004,468,852 | R--- | M] (Swearware) -- C:\Users\pamarj1\Desktop\puppy.exe.exe
[2012/04/12 20:54:58 | 000,302,592 | ---- | M] () -- C:\Users\pamarj1\Desktop\2fpcgnjl.exe
[2012/04/12 20:42:14 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\pamarj1\Desktop\HijackThis.exe
[2012/04/01 18:01:38 | 000,224,256 | ---- | M] () -- C:\Users\pamarj1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/29 03:08:10 | 000,001,786 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/04/24 17:25:51 | 000,001,760 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/20 21:29:20 | 000,002,296 | ---- | C] () -- C:\Users\pamarj1\Desktop\CFScript.rtf
[2012/04/12 20:58:41 | 000,302,592 | ---- | C] () -- C:\Users\pamarj1\Desktop\2fpcgnjl.exe
[2012/04/05 20:32:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/05 20:32:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/05 20:32:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/05 20:32:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/05 20:32:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/02 19:35:35 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/01 13:45:52 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2011/12/23 21:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/12/23 21:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/12/23 21:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/12/23 21:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/12/23 21:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011/03/31 21:18:17 | 000,001,466 | -HS- | C] () -- C:\Users\pamarj1\AppData\Local\85c41t1n5cbla04i6352uvj1206w3hx3tpr218awhu85420
[2011/03/31 21:18:17 | 000,001,466 | -HS- | C] () -- C:\ProgramData\85c41t1n5cbla04i6352uvj1206w3hx3tpr218awhu85420
[2011/03/28 23:32:02 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/03/28 18:11:07 | 000,005,952 | -HS- | C] () -- C:\Users\pamarj1\AppData\Local\81w6u6541778ob5f5s06a6nv06n5ccdufn550627526t6u
[2011/03/28 18:11:07 | 000,005,952 | -HS- | C] () -- C:\ProgramData\81w6u6541778ob5f5s06a6nv06n5ccdufn550627526t6u
[2010/10/12 19:24:06 | 000,000,000 | ---- | C] () -- C:\Users\pamarj1\AppData\Local\Fguvamunu.bin
[2010/10/12 19:24:05 | 000,000,120 | ---- | C] () -- C:\Users\pamarj1\AppData\Local\Fkawalutiholura.dat

========== LOP Check ==========

[2010/01/12 17:25:39 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\Ansys
[2011/07/27 06:36:15 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\ASUS
[2011/07/27 00:19:18 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\ASUS WebStorage
[2011/07/27 09:14:37 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\ASUS.AF361EFD06694D11175EA8BF6E21597A36AD9F1D.1
[2011/01/09 02:52:56 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\BitTorrent
[2008/09/30 18:48:50 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\BitTorrent DNA
[2011/01/28 01:21:10 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\calibre
[2009/12/25 22:35:44 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\DAEMON Tools Lite
[2010/01/25 04:19:45 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\DNA
[2009/10/28 16:06:05 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\DzSoft
[2011/07/27 00:01:57 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\eCareme
[2012/04/28 17:16:05 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\f-secure
[2011/08/28 21:25:36 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\gtk-2.0
[2009/05/28 08:53:19 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\Lexmark Productivity Studio
[2010/02/18 20:33:21 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\mjusbsp
[2010/11/09 19:42:27 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\Mobipocket
[2011/07/27 09:14:54 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\Outlook
[2012/02/07 13:52:37 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\Samsung
[2012/03/10 11:02:04 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\SystemRequirementsLab
[2008/08/02 16:33:58 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\WildTangent
[2007/12/07 01:06:12 | 000,000,258 | ---- | M] () -- C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
[2012/04/29 00:01:03 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000Core.job
[2012/04/30 18:01:01 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000UA.job
[2010/05/20 18:32:20 | 000,000,508 | ---- | M] () -- C:\Windows\Tasks\Install.job
[2012/04/25 18:35:08 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/04/30 21:45:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{34847377-100D-4463-974F-5B7367A54440}.job
[2012/04/30 21:43:00 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{F0F613CC-5E98-44FA-A517-ADA9B4C45F95}.job

========== Purity Check ==========

< End of report >

*****************************************************
"Extras.txt" log file is below:

OTL Extras logfile created on: 4/30/2012 9:36:29 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\pamarj1\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 53.56% Memory free
4.22 Gb Paging File | 2.76 Gb Available in Paging File | 65.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.50 Gb Total Space | 6.33 Gb Free Space | 6.11% Space Free | Partition Type: NTFS
Drive D: | 8.29 Gb Total Space | 1.83 Gb Free Space | 22.09% Space Free | Partition Type: NTFS

Computer Name: PAMARJ1-PC | User Name: pamarj1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- ()

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03FA4811-5678-49DB-99C1-4B6DB65C75A1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{102A3482-ACB3-40C3-AA52-67EB5D6890D4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{14301BC2-CA25-422E-AED8-644BD6515FB5}" = lport=138 | protocol=17 | dir=in | app=system | 
"{18669517-B8C0-401F-83C2-380038001647}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{1C5101CD-7160-4CAA-B2EA-584EFFDBF4AB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{240570A3-FD05-4070-BA73-95369CAEE504}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service | 
"{28C17E1A-0AA6-4D2E-A2D1-069CEE52612E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2E4DE966-8A7A-4792-883A-2B2774A6A40B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{2EEF95CF-A77B-4ACA-9D1D-2813DD77B963}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{3130E10C-FEE4-4073-A8F9-83BD251A87FE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{32E404CB-2E83-44C5-8942-BCC9DEE656D8}" = lport=445 | protocol=6 | dir=in | app=system | 
"{55128512-00E3-4514-8E1C-4F2BD6B2CA8B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{60440D78-42D9-41F1-AB14-201B99E20781}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{62C7B954-90AF-4736-97F7-4629E6D2CBB5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{644FDE02-78A8-4F8F-949C-8C0699E615A8}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{670E78E3-8F02-443C-BC13-6BA3B40F4681}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{6F0780A7-33D2-49A4-A25C-E1FD4749908B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{745285CD-FEF3-4EAD-BF14-7A1636F92DA6}" = lport=139 | protocol=6 | dir=in | app=system | 
"{783A0DCA-A8AB-4718-A4BA-4FA3C14D4535}" = rport=138 | protocol=17 | dir=out | app=system | 
"{787B12FC-28CE-4E9C-A211-8B055F7E166B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{867FE2B2-E4B0-454B-8A9B-8AF4DBC5C275}" = rport=137 | protocol=17 | dir=out | app=system | 
"{89694E3D-CE1C-48DF-A71F-E85895ACC6AA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{903B4729-E070-4BD7-BB83-DAA0E16AE21E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{B810E45D-7DA4-4F25-8FAD-560ACBED044A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BF7FCBC5-B3FD-4313-A48D-3BC55D5C613F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C8C24D02-6620-4F83-93FF-62AC6A094678}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{D69FDCBA-F7E0-454C-94C1-29E37EFA0F04}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D72D82DC-89B1-4E95-8724-96BC76125079}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{E45C3A3C-8BE3-4F3F-88F6-4D7FF75AC5C2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E45C93D1-2E92-4E1C-AFF7-21BE96083B8E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EB09EBF3-58AE-4670-B4C8-051264256A15}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{FA8AC27F-AF57-4C52-B0C2-8A092EB195FC}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{FAB02698-FFC6-42A8-A823-C25560DC3A9F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{025CE4A3-1736-411D-B864-40348A333E72}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | 
"{059B9933-45D6-4E4A-ADE8-86D09F939866}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdkpswx.exe | 
"{06E72E97-633D-41D9-89D2-98A69818C2B3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{07B5A946-E515-4FF6-AC91-D7FE948B06CA}" = protocol=17 | dir=in | app=c:\program files\lexmark 5300 series\lxdkamon.exe | 
"{09A3A996-F58B-4F09-B880-DFF84F755986}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{0CC078F5-04FA-48E2-B327-C31F4BBD211D}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"{0D83A6A4-70DF-4525-B2AD-2CF10586A76F}" = protocol=17 | dir=in | app=c:\program files\splashtop\splashtop remote\server\srserver.exe | 
"{10907164-AF40-40A8-915A-76802FDFA12E}" = protocol=6 | dir=in | app=c:\program files\lexmark 5300 series\frun.exe | 
"{1254D1FB-C0BF-43B7-8458-E303C0D0BBD9}" = dir=in | app=c:\users\pamarj1\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{1562EBCF-CD87-4892-8928-01046A2BCE27}" = protocol=17 | dir=in | app=c:\users\pamarj1\program files\dna\dna.exe | 
"{1BFBEBCE-9AA5-4880-B85B-D414E380AE3E}" = protocol=17 | dir=in | app=c:\program files\lexmark 5300 series\frun.exe | 
"{1E7221A5-791A-4380-AC49-B9D6503B168A}" = protocol=17 | dir=in | app=c:\windows\system32\lxdkcoms.exe | 
"{1F63ED1B-5223-4C07-8944-7C61470B2F89}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{2174FFCF-3D1F-4F35-B159-F1DDF29B91C9}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | 
"{3774E4F0-A63A-4742-BA0A-9D196AEC52F7}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | 
"{38D4824F-5EAF-4FE0-B727-D948D8ABEA98}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{3A8BB367-4798-44EA-9B6C-F30ADC8B1769}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | 
"{3CADBD25-21AD-4F59-A06B-A3CA5445CC6E}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{3FB305A1-F6B7-451A-BEBA-EABD736862A5}" = protocol=6 | dir=in | app=c:\windows\system32\lxdkcoms.exe | 
"{471E7F68-7D13-48D0-9A85-CA86BD73A2C5}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{479D7343-DC23-4249-875E-74BEEA5237BB}" = protocol=6 | dir=in | app=c:\users\pamarj1\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{4BB0F7DE-F73F-4DC8-BFF5-48E9D6F7B9D6}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{51487CD1-3472-4067-A55E-E646388D2CD1}" = protocol=17 | dir=in | app=c:\program files\splashtop\splashtop remote\server\dataproxy.exe | 
"{51B48187-34A9-4783-8159-E32612B344CF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{52A54DDB-754E-48FD-8D8A-379AADA48C22}" = protocol=17 | dir=in | app=c:\users\pamarj1\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{533DA25F-0B66-456E-8FE5-623366CBEC4E}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdktime.exe | 
"{5F2F8C1C-C481-4453-9223-889DCFAE2EFD}" = dir=in | app=c:\program files\plex\plex media server\plex media server.exe | 
"{62E3A001-1BE3-4D42-8437-9FE8C88A907F}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{631C8A9A-3073-4C21-B8A8-CE14B6C112C5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{644D4E0A-39FB-40C3-9F02-9ECED320F825}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{6747EFDA-1B9B-47BF-B676-D1398C84AABE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{6A66CF3D-4B28-4CCF-9234-2B208D01C26C}" = protocol=6 | dir=in | app=c:\program files\splashtop\splashtop remote\server\srserver.exe | 
"{6D6E52F0-6502-4085-AC4D-21A60EC502C1}" = protocol=1 | dir=in | [email protected],-28543 | 
"{6E26E491-9CEA-4A4D-B782-E7A30045A69A}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdkjswx.exe | 
"{711A98ED-FA70-48F5-92D5-17F296BA190A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{763C0790-2931-4E22-BCB6-61BBFE1AE624}" = protocol=17 | dir=in | app=c:\program files\lexmark 5300 series\lxdkmon.exe | 
"{7648068E-550E-4B8D-9EAF-E2AEC0F4030A}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | 
"{78DF765B-B656-43F2-A497-72B283F57792}" = protocol=6 | dir=in | app=c:\program files\lexmark 5300 series\lxdkmon.exe | 
"{7A3CB773-B63B-4FC7-8788-BC20B448BE0A}" = protocol=58 | dir=out | [email protected],-28546 | 
"{7E3D098D-C873-4C49-B1E2-456D1A830EF0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{7F7EECC3-80E1-4DB9-8A0E-9391FFC0DC21}" = protocol=58 | dir=in | [email protected],-28545 | 
"{865D670C-40B4-4239-BD61-93693E113739}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{91420161-BB7F-414F-B63E-005E07E8EC2C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{94184BB1-3D4D-42A1-B847-15E52AEFADFE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{A164A6A3-C647-46E0-9E51-442B658A4525}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{A20CE091-93A6-40EA-AEB0-9C0550659D95}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{A6B70A5D-4195-4CBD-B44E-34A0677761B0}" = protocol=6 | dir=in | app=c:\program files\lexmark 5300 series\lxdkamon.exe | 
"{A6D127B8-129C-4796-87B0-21CBDD2295AF}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | 
"{A7DF02F8-27EA-4671-B62D-2E6894908497}" = protocol=1 | dir=out | [email protected],-28544 | 
"{A8A553A9-2A99-4C36-B82D-B372E4AFADE9}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{AAC934CC-5650-4415-BED6-54A2A9A44CD6}" = protocol=6 | dir=in | app=c:\users\pamarj1\program files\dna\dna.exe | 
"{AEB3A92E-E155-473A-80C5-4703E07BBF50}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{B0DB4182-1848-424E-8591-9A2D24DB3BFD}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | 
"{B0E300AD-8333-4799-81FF-E59C78A8EB6F}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{B35DBD9A-B194-4ACE-96F6-6D98D406F1BA}" = protocol=17 | dir=in | app=c:\program files\bittorrent_dna\dna.exe | 
"{B3C4B550-61BA-4E81-9604-FC5B7AB5E8F4}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{B4647ABE-FCCB-4FA0-B83F-9BE3EF1A0FCA}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{BC6BA00C-935D-482A-BBC1-82B746ABB63A}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{C1638E06-4DC6-402E-973C-24CB190FE220}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{C32F8711-69AF-4494-9C55-7511E88408DF}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"{C80D4C90-5E77-44A6-9A69-A185124F697B}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | 
"{C8122C95-73BC-4A04-9C46-C1617FC33AAA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C817561E-2DCC-472C-B628-DEA2C7510BBF}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdkjswx.exe | 
"{C85D4720-969D-488C-8F81-258CE8CB6570}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{CB22C0B5-84FB-460D-899D-B02235664480}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D616515C-B96F-4F27-9B3E-7C970621C150}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{D7277D7C-843B-4448-8D7C-EF7B9727875D}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdkpswx.exe | 
"{D9DBF6AB-1482-4C89-BA58-E364A68C61DD}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{DE062886-FC1D-462B-816C-043C32C0A76F}" = protocol=17 | dir=in | app=c:\program files\splashtop\splashtop remote\server\inputserv.exe | 
"{E0CF7F8C-4A51-4D3D-B257-8DCAB4BC65A0}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{E8789A75-81AA-4213-BE11-CDF1F1EA67BB}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdktime.exe | 
"{EAA9C718-64A0-458D-81C8-F4981FB52E03}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | 
"{EB5D78EB-A66E-4922-96DD-AF2AE556BDC3}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{EB7BEE18-B2BA-47EE-9661-73898F61A9AB}" = protocol=17 | dir=in | app=c:\program files\splashtop\splashtop remote\server\srfeature.exe | 
"{EBEE1427-0DB4-4F8A-80AF-B949302555E5}" = dir=in | app=c:\program files\plex\plex media server\plexscripthost.exe | 
"{F710CF2F-8983-41F9-98CB-D00849B26DF6}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | 
"{F8FE480B-B0D6-4593-8EAC-289A264E0456}" = protocol=6 | dir=in | app=c:\program files\splashtop\splashtop remote\server\srfeature.exe | 
"{FCE0EF33-A11E-4038-8EA7-4AF5323179BE}" = protocol=6 | dir=in | app=c:\program files\splashtop\splashtop remote\server\inputserv.exe | 
"{FE71E1F1-12CE-4A24-8696-33F048EBEDDD}" = protocol=6 | dir=in | app=c:\program files\splashtop\splashtop remote\server\dataproxy.exe | 
"{FFB01377-B897-4153-BBE8-5653C4A69999}" = protocol=6 | dir=in | app=c:\program files\bittorrent_dna\dna.exe | 
"TCP Query User{0079FE1C-29EC-4D90-84B7-6A0DA89CA921}C:\users\pamarj1\program files\bittorrent_dna\dna.exe" = protocol=6 | dir=in | app=c:\users\pamarj1\program files\bittorrent_dna\dna.exe | 
"TCP Query User{0494DB62-EA7E-4859-83BB-B465E51E7F68}G:\quake3\quake3.exe" = protocol=6 | dir=in | app=g:\quake3\quake3.exe | 
"TCP Query User{0922FF93-83F1-4B62-942F-DD0C7A65E063}C:\users\pamarj1\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\pamarj1\program files\dna\btdna.exe | 
"TCP Query User{27DF5B47-C50D-4720-91E6-E26C7229CE0F}C:\users\pamarj1\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\pamarj1\appdata\local\google\chrome\application\chrome.exe | 
"TCP Query User{311A1171-ED2B-4675-B814-DA88548C047A}C:\program files\ea sports\2006 fifa world cup (tm)\fifawc06.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\2006 fifa world cup (tm)\fifawc06.exe | 
"TCP Query User{438BED51-D893-497D-9EC1-4AC182EC0EB1}C:\program files\quake iii arena\quake3.exe" = protocol=6 | dir=in | app=c:\program files\quake iii arena\quake3.exe | 
"TCP Query User{50339562-721D-4B1B-B537-427D38941A78}C:\windows\system32\spool\drivers\w32x86\3\lxdkpswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdkpswx.exe | 
"TCP Query User{9DDD5134-BE88-47EC-8DDF-FF10B1774E3F}C:\program files\quake iii arena\quake3.exe" = protocol=6 | dir=in | app=c:\program files\quake iii arena\quake3.exe | 
"TCP Query User{B386E723-82FA-4624-BBE5-9C6DB4CC8FF4}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"TCP Query User{B6A6A5A0-29D9-484C-B7F2-40585AF4C97E}C:\program files\lexmark 5300 series\lxdkmon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 5300 series\lxdkmon.exe | 
"TCP Query User{C9FF6511-3962-4D66-8133-ADFD334A109A}C:\program files\lexmark 5300 series\frun.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 5300 series\frun.exe | 
"TCP Query User{CA53107B-7174-45E9-9F53-9748B594EC2D}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | 
"TCP Query User{CAF1DA97-90EC-42F7-978D-6A8B84ECEA3C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{DD915B5F-55FF-4327-980A-3F308AF340B0}C:\program files\ea games\need for speed hot pursuit 2\nfshp2.exe" = protocol=6 | dir=in | app=c:\program files\ea games\need for speed hot pursuit 2\nfshp2.exe | 
"TCP Query User{EB640DFB-9958-4DBF-9E44-45FE589BD89F}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"TCP Query User{F1880E3D-434A-4037-A442-E28C34237190}C:\program files\asus\asus sync\asusupctloader.exe" = protocol=6 | dir=in | app=c:\program files\asus\asus sync\asusupctloader.exe | 
"UDP Query User{1BFC427B-E4A3-4C9F-B415-760747FE98D8}C:\users\pamarj1\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\pamarj1\appdata\local\google\chrome\application\chrome.exe | 
"UDP Query User{1D7C7F28-DEB8-4358-94C7-5D9F1484BD0D}C:\program files\ea sports\2006 fifa world cup (tm)\fifawc06.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\2006 fifa world cup (tm)\fifawc06.exe | 
"UDP Query User{2021A4AD-012B-4C6E-B2E4-4A19D3F43FE2}C:\program files\quake iii arena\quake3.exe" = protocol=17 | dir=in | app=c:\program files\quake iii arena\quake3.exe | 
"UDP Query User{2CC78272-2D55-4817-BB70-030038583A27}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"UDP Query User{367EC2E3-D941-47B2-A92A-AFB342D7CB0E}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | 
"UDP Query User{51FD48DE-E5F5-4B1C-8906-957BA0AC909F}C:\program files\asus\asus sync\asusupctloader.exe" = protocol=17 | dir=in | app=c:\program files\asus\asus sync\asusupctloader.exe | 
"UDP Query User{5FEE06E6-6BB5-4E1A-BDF0-DD4887AFA424}C:\program files\ea games\need for speed hot pursuit 2\nfshp2.exe" = protocol=17 | dir=in | app=c:\program files\ea games\need for speed hot pursuit 2\nfshp2.exe | 
"UDP Query User{68449D60-8856-4981-8259-2F83B5B6CE2A}C:\users\pamarj1\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\pamarj1\program files\dna\btdna.exe | 
"UDP Query User{8168E703-8089-49A8-9869-D3EDE205F84E}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"UDP Query User{8C1123D6-B770-4E11-BBD9-B7127B793B5C}C:\program files\lexmark 5300 series\lxdkmon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 5300 series\lxdkmon.exe | 
"UDP Query User{8EBE8473-BC29-4A48-BB09-D9972294833C}C:\program files\quake iii arena\quake3.exe" = protocol=17 | dir=in | app=c:\program files\quake iii arena\quake3.exe | 
"UDP Query User{9D25E026-BF49-4565-83E9-A5EAE2068DDD}C:\windows\system32\spool\drivers\w32x86\3\lxdkpswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdkpswx.exe | 
"UDP Query User{A6D456E5-CE65-49ED-AF97-03F4AC08AA7D}C:\program files\lexmark 5300 series\frun.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 5300 series\frun.exe | 
"UDP Query User{B3DDCE4B-C351-4C84-8103-4BB63C72F6E0}C:\users\pamarj1\program files\bittorrent_dna\dna.exe" = protocol=17 | dir=in | app=c:\users\pamarj1\program files\bittorrent_dna\dna.exe | 
"UDP Query User{BDD3CF01-6B3F-42DC-91ED-A184A3FCABD7}G:\quake3\quake3.exe" = protocol=17 | dir=in | app=g:\quake3\quake3.exe | 
"UDP Query User{FF56BDC5-8C4F-49D4-B2C3-0BBFAAF44BCE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{04B552B1-4EC5-4F1B-9F02-FD3DF5A71184}" = NI Assistant Framework
"{04D66B46-4349-407C-9297-9B43648E4C84}" = NI LabVIEW Run-Time Engine Interop 2009
"{05046BCC-5E64-4A85-8615-D84DE4C1D865}" = NI VC2005MSMs x86
"{05A8E727-958F-4E2D-BB2F-E820EF1077AA}" = Amethyst CADwizz Ultra
"{0657A4A0-91D4-4A64-9ADB-395EC190CF36}" = Symantec Real Time Storage Protection Component
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{07A99739-82EE-4537-AF2E-1607015D9992}" = NI Service Locator
"{08133ED0-B6EB-49CD-B0EF-60502E41D15E}" = NI Xerces Delay Load 2.7.1
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{094621AC-72E7-4167-8A06-CCDDBEBC233F}" = NI LabVIEW 2009 Help File
"{0ABA40AF-288D-41F1-B735-C5155692CD7D}" = VeriSoft Access Manager
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{0FB31DF8-38DF-4C9D-B313-AFAFC3FBA02B}" = NI LVBrokerAux 8.2.1
"{0FD812C9-3BBE-4CC5-A43C-B7304E3EC581}" = NI Web Pipeline 2.0.1
"{118C3943-1683-42EF-824D-C22E70DB42E7}" = Comcast Desktop Software (v1.2.1)
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{127F1FD4-43BB-4428-8B2A-70539F4B6F1F}" = ANSYS Products 11.0
"{1517A7CB-5F00-4A88-8F06-E89B6DB63784}" = ESU for Microsoft Vista
"{15FE4745-FF95-4746-A817-70CD06AAE8B8}" = Plex Media Server
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19C120B7-F7A6-4105-9D62-1F6305B2E2CF}" = NI DataSocket 4.7.0
"{1B06E3AF-1CE2-4085-AE4E-DFEC369E86D3}" = NI Logos XT Support
"{1D6F0B9D-F19E-43AB-9D8E-2E3653212C72}" = NI LabVIEW 2009 MeasAppChm File
"{2108E50D-978D-4D62-A837-4F12A61ADF15}" = NI LabVIEW 2009 License
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{229A26F7-81A9-4A17-9D00-6CF4D08CEA44}" = NI LabVIEW 2009 WWW
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23940B09-32B3-4C36-88A9-E787862E2AE9}" = NI Variable Engine LabVIEW 2009 Support
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{278AF4F9-DC1C-49DC-B871-C0BAEBD4F458}" = NI License Manager
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{297FA251-FF30-4F16-978C-4A65EA804EFF}" = NI LabVIEW Real-Time Error Dialog
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2A98DB42-3743-4022-ADFA-42AE811484AE}" = NI EULA Depot
"{2AD5E818-E2EE-4BBF-A2BF-29022C6FC236}" = NI Assistant Framework LabVIEW 2009 Support
"{2AE0B374-90DA-416C-9AF9-436585FD34DD}" = ASUS Sync
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{2D72E0EC-D695-4BFB-A246-F07BAAA91AA1}" = NI Remote Provider for MAX 4.6.0
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{307300E8-6D0E-48AD-AC4B-D41A9549DEEB}" = NI LabVIEW 2009 Examples
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{3403CB31-D7C1-43F4-9D2F-579758C0CF09}" = Windows Live OneCare Family Safety
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{34EE2F0F-D6EA-4C36-8315-41107048D48D}" = NI-DAQmx - LabVIEW shared documentation
"{35872655-EA55-4A90-8DAA-AD2B777B8CAC}" = NI LabVIEW 2009 Applibs
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{383AD0A2-FD79-4CF0-B823-C695E32BD08D}" = NI LabVIEW Run-Time Engine Web Services
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3F188640-B4F5-44D5-BBF3-DAB70CF5629B}" = NI LabVIEW Compare Utility 9.0.0
"{3FFB3B34-D639-4384-9AE9-DDE58430D86F}" = MSCU for Microsoft Vista
"{40D9D764-7FD7-4036-B565-6D94DEEBD4A5}" = NI LabVIEW Merge Utility 9.0.0
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{4159DD60-49C1-4323-A1A5-FB060CBA35C5}" = NI Measurement Studio Recipe Processor
"{416B50BB-64CE-46C5-81A6-7F842CC35CDC}" = NI LabVIEW MAX XML
"{41B9E2CF-0B3F-442A-B5B3-592A4A355634}" = iTunes
"{45A5461A-7D1D-4A91-B033-0B85E7AB25C2}" = NI MXS 4.6.0f0 for LabVIEW Real-Time
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2
"{45FA54F6-8574-49D2-9E2D-0BDDE6237822}" = NI LabVIEW Run-Time Engine 8.2.1
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{4BE3B1FB-31C9-4FA4-B7FE-37025785FCE9}" = calibre
"{4D581C40-11D0-476B-A943-76506924B722}" = NI Distributed System Manager 2009
"{4E049CBB-01EE-4859-B4C8-26E42263CEE4}" = NI LabVIEW Run-Time Engine 2009
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{50F9A1FC-39D8-46E8-8234-1A1A68A4033E}" = NI Variable Engine 2.3.0
"{51E23D68-FE69-4728-A8EE-F12856B046C7}" = NI LabVIEW 2009 User.lib
"{52C3DD72-17E5-4E0D-83A8-FB42FCE3A8EF}" = NI-RPC 4.1.1f0 for Phar Lap ETS
"{578596FF-7F65-4767-9F90-37920741148C}" = MSN Toolbar Platform
"{57B77060-04B4-468E-89A9-F68EEE466F57}" = NI USI 1.7.0
"{57F37CA1-6FA3-46D2-8F01-AD3A26FA4E9B}" = NI Assistant Framework LabVIEW Code Generator 2009
"{596C11D1-2285-4057-99F6-735B50EB87E1}" = NI System API RT
"{5A70FCD2-C019-4723-868F-07CD6C7755FF}" = NI Logos 5.1
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{5DBC79DA-87D2-376D-A65D-B14097C06C71}" = Google Talk Plugin
"{5E2E0DF8-75EC-47E2-9583-3229A4CF5C95}" = NI LabVIEW 2009 Project
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{6447FE3A-8B2C-41DB-9791-322B8445B3E9}" = NI LabVIEW Deployable License 2009
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{6F7D11DC-DE87-45C8-A37E-A35B724FC771}" = NI Help Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F5CBE0-D208-46E5-8593-C07D3FDF8454}" = NI LabVIEW 2009 CINtools
"{7559B6F5-180B-479A-A8CD-2175EFBC61F8}" = NI LabVIEW 2009 Deployment Framework
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77B1B7C6-4C2F-4D0C-A807-F1A2910B7AC4}" = NI LabVIEW 2009 Resource
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7ACFB216-29F7-4331-A5ED-2563AEB51F21}" = NI Trace Engine
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C62B54A-E524-4F3D-83E7-0F2ABAFC978A}" = NI Xalan Delay Load 1.10.1
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7E3668CB-1228-416E-B721-C2FA3247B985}" = NI LabVIEW Real-Time FIFO for Runtime
"{7E7A035C-9DC5-40B0-B873-002B14CCE3B8}" = NI-RPC 4.1.1f0
"{82B8F87D-C75E-4270-B030-49ECDAFF1B53}" = NI MAX Remote Configuration Installer 4.6
"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{88D1DA3C-09FA-4CA7-BB6B-2CEACCFA95D5}" = NI System State Publisher
"{89A7BD8C-0FC3-49EF-9072-5C8371C0A4D6}" = NI LabVIEW Web Services Runtime
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A5D448D-FBA1-40B6-9131-03659BC83319}" = NI LabVIEW 2009 Menus
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8AF869D1-F416-4855-8177-EB75D73CC992}" = NI LabVIEW 2009 Web Server
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9033A0BF-9B8A-4C27-812B-40BA10855E2D}" = NI LabVIEW 2009 Simulation
"{9061CEF2-51F5-42C9-8A70-9ED351C6597A}" = HP Help and Support
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer
"{92769F9C-453B-40C9-B129-6E8E52586C8E}" = NI LabVIEW Broker
"{927C1DDA-61DC-4B95-A138-8A1377E33A9A}" = NI Portable Configuration 4.6.0
"{93B8921B-2AC6-4A58-A87C-19B633DB6860}" = NI Software Provider for MAX 4.6.0
"{94A1911F-CD2F-4B9C-B171-2B43DCD213AA}" = Splashtop Remote
"{96094CE5-7920-47FD-8A02-68A7B5B1785F}" = NI System API Windows 32-bit
"{9862682B-2CDB-4D67-9D8B-EC3CDA85F1CB}" = NI LabVIEW 2009 VI.lib
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{9B79CE5E-ECAA-4D23-9924-0BF5A3F440F0}" = NI LabVIEW 2009 gMath
"{9D2795DC-59E3-4E75-B59D-D23A6A18CE9C}" = ASUS Android USB Drivers
"{9F7DBC83-611C-4407-8817-8FD63E149288}" = NI SSL LabVIEW 2009 Support
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96395DA-AFC5-459E-A374-CE10E84FEEB2}" = NI TDM Excel Add-In 2.1
"{AA9768AA-FF0B-4C66-A085-31E934F77841}" = Apple Mobile Device Support
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{ABD79E99-F9E3-413B-8D18-11070754355F}" = NI Math Kernel Libraries
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AE9AA575-DE74-4711-B3B3-2977D76CC1BB}" = NI TDMS
"{AF32BE73-E284-444E-B310-7EE80192949B}" = NI LabWindows/CVI DLL Builder for LabVIEW
"{AFEDF70D-8DC3-40CB-93A0-F276E64BDF9C}" = NI VC2008MSMs x86
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4B6D62D-9BDF-48A6-AE95-E4F730369D26}" = NI Logos LabVIEW 2009 Support
"{B5BD3DA8-1A63-4042-90FA-B26C361382C9}" = NI Remote PXI Provider for MAX 4.6.0
"{B61B6668-A674-4A06-8405-51944D5CCDDD}" = AuthenTec Fingerprint Sensor Minimum Install
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{B8E65E0D-30D8-49BD-B92C-0E77A09545D6}" = NI MAX LabVIEW Support 4.6.0
"{B963C648-249B-4145-BC14-56488262E9A9}" = NI MDF Support
"{BA0C85C1-E5CC-4F58-84FB-8DA29F3412F0}" = NI Uninstaller
"{C57A08DC-0D4B-41E1-82A3-6290292E5B87}" = NI LabVIEW 2009 Instr.lib
"{C6BF965C-5A8C-498E-A6AD-B594D583F7B3}" = NI LabVIEW 2009
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEDA69AF-DD7A-42A8-B6D3-65BA0592D34E}" = NI Instrument IO Assistant for LabVIEW 9.0 32
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{D5BD34F2-A261-450D-81D1-581613580320}" = NI LabVIEW 2009 Manuals
"{D72AB2C1-D24D-4F17-B3DB-AF51223F293E}" = NI SSL Support
"{D9529709-28B0-4DA1-8749-8924C11AAFF2}" = NI Registration Wizard
"{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DDFD9BA2-8E26-4E49-92AE-882424DAB1BC}" = HP User Guides 0057
"{DEC25D81-2317-47F6-8B26-D54A939DA1EE}" = NI LabVIEW C Interface
"{E1D60C68-016C-4951-8C1F-52E24DFE7836}" = NI CodeSignAPI
"{E37CCD6C-56C1-43C7-B2FA-24A32B6B09F7}" = NI Example Finder 9.0
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F19E2B0A-2249-45DA-92DB-0CE0DEB8E8A4}" = NI OPC Support
"{F417A147-5CCC-452D-9C6F-4C91FD5C7916}" = NI LabVIEW 2009 Help
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F6B29003-A078-4491-AFBE-62EFB6CFFE19}" = HP Total Care Advisor
"{F723A248-6AAC-4514-AFFB-7414BE02D95B}" = NI LabWindows/CVI 9.0 Run-Time Engine
"{F827F574-36ED-4D97-820A-AD6F74E02D0D}" = NI MXS 4.6.0
"{F853DF00-73BD-400D-AE67-A41012E06D20}" = NI LabVIEW Real-Time NBFifo
"{F8D407B1-B9A0-4128-8E79-17A6F9433F6C}" = NI Measurement & Automation Explorer 4.6.0
"{FA131BE1-8946-4969-B16F-CF5C928ABAAB}" = NI LabVIEW 2009 Templates
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FB84287D-6425-4867-89AE-6221FCDE2976}" = NI LabWindows/CVI Code Generator
"{FBDCDFA2-6950-46A1-B31E-B1B3DF08242B}" = Miro Video Converter
"{FE24BCDF-9231-450D-AA08-D3550B81EE41}" = NI LabVIEW Web Server for Run-Time Engine
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASUS WebStorage" = ASUS WebStorage
"Audacity_is1" = Audacity 1.2.6
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dia" = Dia (remove only)
"doPDF 6 printer_is1" = doPDF 6.2 printer
"DzSoftWebPhotoResizer_is1" = Quick Photo Resizer 2.5.1
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 2083] [2008-08-21]
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HitmanPro35" = Hitman Pro 3.5
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{94A1911F-CD2F-4B9C-B171-2B43DCD213AA}" = Splashtop Remote
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Lexmark 5300 Series" = Lexmark 5300 Series
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28)
"NI Uninstaller" = National Instruments Software
"Picasa 3" = Picasa 3
"Premiumplay Codec-C" = Premiumplay Codec-C
"PrimoPDF4.1.0.9" = PrimoPDF
"Prism" = Prism Video File Converter
"RealPlayer 6.0" = RealPlayer
"Rhapsody" = Rhapsody
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SopCast" = SopCast 1.1.2
"ST6UNST #1" = HQ2K1
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"TVUPlayer" = TVUPlayer 2.3.3.2
"TVWiz" = Intel(R) TV Wizard
"Veoh Web Player Beta" = Veoh Web Player Beta
"VLC media player" = VLC media player 1.1.11
"WildTangent hplaptop Master Uninstall" = My HP Games
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"Windows Live Toolbar" = Windows Live Toolbar
"WinMerge_is1" = WinMerge 2.12.4
"WinRAR archiver" = WinRAR archiver
"Yahoo! Applications" = AT&T Yahoo! Applications
"Yahoo! Extras" = Yahoo! Browser Services

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"BitTorrent" = BitTorrent 6.0
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/10/2010 1:11:59 PM | Computer Name = pamarj1-PC | Source = Symantec AntiVirus | ID = 16711726
Description =

Error - 1/10/2010 1:12:00 PM | Computer Name = pamarj1-PC | Source = Symantec AntiVirus | ID = 16711685
Description =

Error - 1/10/2010 1:12:09 PM | Computer Name = pamarj1-PC | Source = Symantec AntiVirus | ID = 16711731
Description =

Error - 1/12/2010 6:05:22 PM | Computer Name = pamarj1-PC | Source = Windows Installer 3.1 | ID = 921877
Description =

Error - 1/12/2010 6:07:03 PM | Computer Name = pamarj1-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 1/12/2010 6:07:52 PM | Computer Name = pamarj1-PC | Source = VSS | ID = 8194
Description =

Error - 1/12/2010 6:20:24 PM | Computer Name = pamarj1-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 1/13/2010 3:25:09 PM | Computer Name = pamarj1-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6001.18164 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 2c68 Start Time: 01ca91a935a7a440 Termination Time: 0

Error - 1/14/2010 12:35:33 AM | Computer Name = pamarj1-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/14/2010 4:18:04 PM | Computer Name = pamarj1-PC | Source = Windows Search Service | ID = 3013
Description =

[ OSession Events ]
Error - 10/25/2007 11:00:42 PM | Computer Name = pamarj1-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6024.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 2087
seconds with 1500 seconds of active time. This session ended with a crash.

Error - 6/15/2009 2:12:51 AM | Computer Name = pamarj1-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/15/2009 1:18:11 AM | Computer Name = pamarj1-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1074
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/25/2009 3:42:43 PM | Computer Name = pamarj1-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/11/2010 1:04:30 AM | Computer Name = pamarj1-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom10, is not ready for access yet.

Error - 10/11/2010 1:04:31 AM | Computer Name = pamarj1-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom10, is not ready for access yet.

Error - 10/11/2010 1:04:32 AM | Computer Name = pamarj1-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom10, is not ready for access yet.

Error - 10/11/2010 1:04:33 AM | Computer Name = pamarj1-PC | Source = PlugPlayManager | ID = 12
Description = The device 'TSSTcorp CD/DVDW TS-L632M ATA Device' (IDE\CdRomTSSTcorp_CD/DVDW_TS-L632M_______________0A17____\5&5b8f77b&0&0.0.0)
disappeared from the system without first being prepared for removal.

Error - 10/11/2010 1:04:33 AM | Computer Name = pamarj1-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 10/11/2010 1:04:33 AM | Computer Name = pamarj1-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom10, is not ready for access yet.

Error - 10/11/2010 7:55:16 PM | Computer Name = pamarj1-PC | Source = volsnap | ID = 393230
Description = The shadow copies of volume C: were aborted because of an IO failure
on volume C:.

Error - 10/12/2010 1:16:35 AM | Computer Name = pamarj1-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom11, is not ready for access yet.

Error - 10/12/2010 7:53:38 PM | Computer Name = pamarj1-PC | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 10/12/2010 7:54:53 PM | Computer Name = pamarj1-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:52:05 PM on 10/12/2010 was unexpected.

[ VeriSoft Events ]
Error - 7/20/2011 8:33:11 AM | Computer Name = pamarj1-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected]
Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 7/20/2011 8:33:15 AM | Computer Name = pamarj1-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected]
Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 11/10/2011 8:45:24 PM | Computer Name = pamarj1-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected]
Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 1/15/2012 9:30:44 PM | Computer Name = pamarj1-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected]
Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 4/12/2012 9:28:51 PM | Computer Name = pamarj1-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected]
Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 4/12/2012 9:29:00 PM | Computer Name = pamarj1-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected]
Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 4/12/2012 9:29:21 PM | Computer Name = pamarj1-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected]
Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 4/12/2012 9:29:26 PM | Computer Name = pamarj1-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected]
Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 4/12/2012 9:29:37 PM | Computer Name = pamarj1-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected]
Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 4/12/2012 9:33:28 PM | Computer Name = pamarj1-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected]
Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

< End of report >


----------



## Cookiegal (Aug 27, 2003)

Run OTL again. Close all running applications other than OTL. Under the Custom Scans/Fixes box at the bottom, paste in the text in the code box that follows these instructions:

Click the *Run Fix* button at the top.
Let the program run unhindered. When finished, the system should reboot automatically. If it doesn't, please reboot.
After the computer reboots and you log into your account, a Notepad text file will appear.
Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as *C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log*.


```
:OTL
CHR - default_search_provider: MyStart Search (Enabled)
CHR - default_search_provider: search_url = http://mystart.incredibar.com/mb119/?loc=IB_DS&search={searchTerms}&a=6R8oCjuYer&i=26

:Files
C:\Users\pamarj1\AppData\Local\85c41t1n5cbla04i6352uvj1206w3hx3tpr218awhu85420
C:\ProgramData\85c41t1n5cbla04i6352uvj1206w3hx3tpr218awhu85420
C:\Users\pamarj1\AppData\Local\81w6u6541778ob5f5s06a6nv06n5ccdufn550627526t6u
C:\ProgramData\81w6u6541778ob5f5s06a6nv06n5ccdufn550627526t6u
C:\Users\pamarj1\AppData\Local\Fguvamunu.bin
C:\Users\pamarj1\AppData\Local\Fkawalutiholura.dat

:Commands
[Reboot]
[emptytemp]
[EMPTYFLASH]
```


----------



## ajpnsld (Apr 11, 2012)

All processes killed
========== OTL ==========
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
========== FILES ==========
File\Folder C:\Users\pamarj1\AppData\Local\85c41t1n5cbla04i6352uvj1206w3hx3tpr218awhu85420 not found.
File\Folder C:\ProgramData\85c41t1n5cbla04i6352uvj1206w3hx3tpr218awhu85420 not found.
File\Folder C:\Users\pamarj1\AppData\Local\81w6u6541778ob5f5s06a6nv06n5ccdufn550627526t6u not found.
File\Folder C:\ProgramData\81w6u6541778ob5f5s06a6nv06n5ccdufn550627526t6u not found.
File\Folder C:\Users\pamarj1\AppData\Local\Fguvamunu.bin not found.
File\Folder C:\Users\pamarj1\AppData\Local\Fkawalutiholura.dat not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: 257
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: pamarj1
->Temp folder emptied: 172861 bytes
->Temporary Internet Files folder emptied: 78326565 bytes
->Java cache emptied: 74639981 bytes
->FireFox cache emptied: 70758447 bytes
->Google Chrome cache emptied: 223845819 bytes
->Flash cache emptied: 204289 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 123730 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 427.00 mb

[EMPTYFLASH]

User: 257
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: pamarj1
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.42.2 log created on 05012012_221742

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


----------



## Cookiegal (Aug 27, 2003)

Please run OTL again the same as the first time and post the log.


----------



## ajpnsld (Apr 11, 2012)

Hi Cookiegal,

Sorry for the delay. Here's the log.

OTL.TXT

OTL logfile created on: 5/3/2012 5:19:46 PM - Run 2
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\pamarj1\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 59.32% Memory free
4.22 Gb Paging File | 2.72 Gb Available in Paging File | 64.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.50 Gb Total Space | 10.06 Gb Free Space | 9.72% Space Free | Partition Type: NTFS
Drive D: | 8.29 Gb Total Space | 1.83 Gb Free Space | 22.09% Space Free | Partition Type: NTFS

Computer Name: PAMARJ1-PC | User Name: pamarj1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/30 21:35:44 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\pamarj1\Desktop\OTL.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/03/07 16:27:25 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
PRC - [2011/12/28 00:21:08 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/07/26 22:18:26 | 000,033,360 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe
PRC - [2011/03/30 20:56:06 | 000,406,856 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
PRC - [2011/03/30 20:55:58 | 002,182,984 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe
PRC - [2011/03/07 21:39:36 | 000,341,832 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
PRC - [2009/06/15 21:44:40 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\MAX\nimxs.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/02/16 12:38:54 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2007/06/14 08:15:34 | 000,598,960 | ---- | M] ( ) -- C:\Windows\System32\lxdkcoms.exe
PRC - [2007/03/09 12:50:02 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/02/07 09:30:00 | 000,065,536 | R--- | M] (Cognizance Corporation) -- c:\Program Files\Bioscrypt\VeriSoft\Bin\asghost.exe
PRC - [2007/01/10 06:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/01/05 23:04:10 | 000,554,616 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/01/05 09:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

========== Modules (No Company Name) ==========

MOD - [2012/05/01 22:35:09 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/05/01 22:35:09 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/04/24 17:26:58 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/04/24 17:26:57 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/07/26 22:19:38 | 000,032,848 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
MOD - [2011/07/26 22:19:36 | 000,044,112 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
MOD - [2011/07/26 22:19:36 | 000,016,976 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
MOD - [2011/07/26 22:19:34 | 000,195,664 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\lxml\objectify.pyd
MOD - [2011/07/26 22:19:34 | 000,057,424 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
MOD - [2011/07/26 22:19:32 | 000,841,296 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\lxml\etree.pyd
MOD - [2011/07/26 22:19:30 | 000,824,912 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_ssl.pyd
MOD - [2011/07/26 22:19:30 | 000,049,744 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_socket.pyd
MOD - [2011/07/26 22:19:28 | 000,033,360 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_multiprocessing.pyd
MOD - [2011/07/26 22:19:26 | 000,365,648 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_hashlib.pyd
MOD - [2011/07/26 22:19:26 | 000,131,152 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_elementtree.pyd
MOD - [2011/07/26 22:19:24 | 000,093,776 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_ctypes.pyd
MOD - [2011/07/26 22:19:22 | 000,589,904 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\unicodedata.pyd
MOD - [2011/07/26 22:19:22 | 000,016,976 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\select.pyd
MOD - [2011/07/26 22:19:20 | 000,134,224 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\pyexpat.pyd
MOD - [2011/07/26 22:19:00 | 000,173,136 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\libxslt.dll
MOD - [2011/07/26 22:18:58 | 001,009,744 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\libxml2.dll
MOD - [2011/07/26 22:18:56 | 000,063,056 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\libexslt.dll
MOD - [2011/07/26 22:18:26 | 000,033,360 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe
MOD - [2011/06/23 04:02:06 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/01/19 05:48:35 | 003,182,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2010/09/02 06:08:00 | 000,118,784 | ---- | M] () -- C:\Program Files\ASUS\ASUS WebStorage\3.0.102.211\AsusWSShellExt.dll
MOD - [2009/01/18 16:50:02 | 000,417,792 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\AdobeXMP.dll
MOD - [2008/10/13 17:26:58 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2008/07/27 13:03:15 | 000,626,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2008/07/27 13:03:14 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2008/07/27 13:03:12 | 000,659,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
MOD - [2007/11/16 17:02:18 | 000,479,232 | R--- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ccme_base.dll
MOD - [2007/11/16 17:02:18 | 000,401,408 | R--- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\cryptocme2.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/04/01 13:45:48 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/03/30 20:56:06 | 000,406,856 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2011/03/07 21:39:36 | 000,341,832 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/23 14:29:48 | 000,740,968 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)
SRV - [2009/06/23 12:23:14 | 001,007,616 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2009/06/18 08:01:50 | 000,356,912 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2009/06/18 07:57:28 | 000,042,544 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Windows\System32\lkads.exe -- (lkClassAds)
SRV - [2009/06/18 07:56:32 | 000,053,296 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Windows\System32\lktsrv.exe -- (lkTimeSync)
SRV - [2009/06/15 21:44:40 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\MAX\nimxs.exe -- (mxssvr)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/06/04 05:14:28 | 000,013,896 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Windows\System32\nisvcloc.exe -- (niSvcLoc)
SRV - [2009/06/03 11:26:34 | 000,098,304 | ---- | M] (OPC Foundation) [Disabled | Stopped] -- C:\Windows\System32\Opcenum.exe -- (OpcEnum)
SRV - [2008/10/31 15:52:54 | 000,695,136 | ---- | M] (National Instruments, Inc.) [On_Demand | Stopped] -- C:\Windows\System32\lkcitdl.exe -- (LkCitadelServer)
SRV - [2008/02/16 12:38:54 | 001,251,720 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/01/29 18:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/14 08:15:34 | 000,598,960 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdkcoms.exe -- (lxdk_device)
SRV - [2007/06/14 08:15:24 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdkserv.exe -- (lxdkCATSCustConnectService)
SRV - [2007/04/23 20:11:44 | 000,106,593 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007/04/23 20:11:42 | 000,262,243 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007/02/07 09:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- c:\Program Files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2007/01/14 08:11:06 | 000,080,504 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2007/01/13 04:40:58 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/01/10 06:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2007/01/10 06:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007/01/10 06:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007/01/10 06:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/01/05 23:04:10 | 002,918,008 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/01/05 23:04:10 | 000,554,616 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/01/05 09:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - [2006/06/22 02:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- c:\Program Files\Bioscrypt\VeriSoft\Bin\ASChnl.dll -- (ASChannel)
SRV - [2006/03/24 16:34:04 | 001,294,336 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\Ansys Inc\Shared Files\Licensing\intel\lmgrd.exe -- (ANSYS FLEXlm license manager)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\pamarj1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aget0x7k)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/12/07 23:22:38 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2011/12/07 23:22:38 | 000,080,184 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/12/17 04:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110319.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/12/17 04:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110319.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/06/17 03:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/06/04 03:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/07 21:54:45 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/12/25 22:16:55 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/05/22 11:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cvintdrv.sys -- (cvintdrv)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/12/01 00:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/12/01 00:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/12/01 00:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/11/06 11:07:18 | 000,180,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20071122.002\IDSvix86.sys -- (IDSvix86)
DRV - [2007/04/14 02:49:32 | 000,418,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/04/03 14:59:30 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616bus.sys -- (s616bus) Sony Ericsson Device 616 driver (WDM)
DRV - [2007/03/28 11:44:22 | 000,140,424 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/03/05 16:28:00 | 000,076,288 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/03/01 07:49:58 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/02/24 09:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 12:03:28 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/01/23 11:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/01/16 23:38:52 | 000,983,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2007/01/09 23:32:14 | 000,191,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2007/01/09 23:32:14 | 000,145,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symfw.sys -- (SYMFW)
DRV - [2007/01/09 23:32:14 | 000,040,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symids.sys -- (SYMIDS)
DRV - [2007/01/09 23:32:14 | 000,038,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symndisv.sys -- (SYMNDISV)
DRV - [2007/01/09 23:32:14 | 000,027,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2007/01/09 23:32:14 | 000,012,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symdns.sys -- (SYMDNS)
DRV - [2006/11/30 12:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/02 02:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006/06/28 11:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{896DB260-1B30-4FF3-B10E-B4961151320C}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{9FD89D22-C60B-4BC2-A131-284E0D766A35}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{A281B9DD-CB64-448D-A1EA-10A689AD2918}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVDUS7
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 C5 78 30 68 23 CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{102266F6-EE4B-4F61-B7CF-5CAD12A85595}: "URL" = http://local.yahoo.com/results?stx={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{1FDCD3CD-BAC0-4EFD-94CC-99CEE205D94F}: "URL" = http://images.search.yahoo.com/search/images?p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{4F4F3347-4DD6-4602-94EA-1614B7935E8C}: "URL" = http://shopping.yahoo.com/search?p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{61019A01-5835-47A7-93CF-BEAA83DDC44F}: "URL" = http://answers.yahoo.com/search/search_result?p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{896DB260-1B30-4FF3-B10E-B4961151320C}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKCU\..\SearchScopes\{9384583D-5916-4897-9F46-6C3D989C9917}: "URL" = http://www.bing.com/search?FORM=DMDTDF&PC=VEOH&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{97181CDC-24B1-4748-9601-65BBAC502816}: "URL" = http://news.search.yahoo.com/search/news?p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{9FD89D22-C60B-4BC2-A131-284E0D766A35}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKCU\..\SearchScopes\{A281B9DD-CB64-448D-A1EA-10A689AD2918}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVDUS7
IE - HKCU\..\SearchScopes\{ADD6BEC9-F897-4477-9B4B-F56FF9288C2B}: "URL" = http://video.yahoo.com/video/search?p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb119/?search={searchTerms}&loc=IB_DS&a=6R8oCjuYer&i=26
IE - HKCU\..\SearchScopes\Comcast: "URL" = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=DMDTDF&PC=VEOH&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:1.4
FF - prefs.js..extensions.enabledItems: {7AF6830F-D3D8-4973-BA4D-74783BE69F62}:1.9.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.5332
FF - prefs.js..extensions.enabledItems: [email protected]:0.78.35
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\pamarj1\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\pamarj1\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\pamarj1\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\pamarj1\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\pamarj1\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\pamarj1\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\pamarj1\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Splashtop\Splashtop Remote\Server\plugin\FFExtensions [2011/07/27 00:20:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/01 13:33:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/01 13:33:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2008/12/20 04:44:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\pamarj1\AppData\Roaming\Move Networks [2009/10/27 13:23:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\pamarj1\Program Files\DNA [2010/01/14 12:10:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{7AF6830F-D3D8-4973-BA4D-74783BE69F62}: C:\Users\pamarj1\AppData\Local\{7AF6830F-D3D8-4973-BA4D-74783BE69F62} [2010/10/12 19:24:04 | 000,000,000 | ---D | M]

[2008/12/18 23:20:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Extensions
[2012/05/02 17:54:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions
[2011/12/10 11:48:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/10 11:48:19 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2007/12/07 22:03:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/12/10 11:48:27 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012/04/01 14:01:22 | 000,000,000 | ---D | M] ("Premiumplay Codec-C") -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]
[2009/04/27 22:44:47 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]
[2009/03/17 18:58:47 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]
[2010/11/14 00:10:35 | 000,001,832 | ---- | M] () -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\searchplugins\bing.xml
[2012/04/01 13:34:03 | 000,002,203 | ---- | M] () -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\searchplugins\MyStart Search.xml
[2012/04/29 23:22:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/27 00:20:38 | 000,000,000 | ---D | M] (Splashtop Remote) -- C:\PROGRAM FILES\SPLASHTOP\SPLASHTOP REMOTE\SERVER\PLUGIN\FFEXTENSIONS
[2008/12/20 04:44:19 | 000,000,000 | ---D | M] (Veoh Web Player Video Finder) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOHWEBPLAYER\FFVIDEOFINDER
[2010/10/12 19:24:04 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\PAMARJ1\APPDATA\LOCAL\{7AF6830F-D3D8-4973-BA4D-74783BE69F62}
[2009/10/27 13:23:27 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\PAMARJ1\APPDATA\ROAMING\MOVE NETWORKS
[2007/08/29 16:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2007/02/08 11:48:16 | 000,028,448 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\NPLV82Win32.dll
[2009/06/23 20:40:40 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\nplv90win32.dll
[2011/11/01 16:55:05 | 000,001,692 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\comcast.xml

========== Chrome ==========

CHR - default_search_provider: MyStart Search (Enabled)
CHR - default_search_provider: search_url = http://mystart.incredibar.com/mb119/?loc=IB_DS&search={searchTerms}&a=6R8oCjuYer&i=26
CHR - default_search_provider: suggest_url = 
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\pamarj1\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\pamarj1\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: HP Product Detection Plugin for Mozilla (Enabled) = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\plugins/npProductDetectPlugin.dll
CHR - plugin: HP Active Check Plugin (Enabled) = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\plugins/npAclmPlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.150.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U15 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: BitTorrent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
CHR - plugin: DivX\u00AE Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: National Instruments LabVIEW 8.2 Netscape Plug-in for Windows (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPLV82Win32.dll
CHR - plugin: National Instruments LabVIEW 9.0 Netscape Plug-in for Windows (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nplv90win32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\pamarj1\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\pamarj1\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: Veoh Web Player Beta (Enabled) = C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\pamarj1\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\pamarj1\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Entanglement = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Angry Birds = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Word Search Puzzle = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\alcobafdkcddhiabfgnongafffchimnl\1.2_0\
CHR - Extension: SKiD Racer = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhoaojooagiaaiidlnfhkkafjpbbnnno\0.0.0.37_0\
CHR - Extension: WGT Golf Challenge = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcilimldmomiaihcfkmaldanopfejefg\32.1.0_0\
CHR - Extension: Final Fight = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpegianedjonaeafilbagbcbcimjifai\0.0.0.1_0\
CHR - Extension: AdBlock = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.32_0\
CHR - Extension: Monster Truck Racing = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjmcfmephihmhendkenhfmnkfoakedhi\1.0_0\
CHR - Extension: Air Hockey = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcchbhjknakkndfpdbapmdkhbbgojkno\2.0_0\
CHR - Extension: Codec-V = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.17.48_0\
CHR - Extension: Steambirds: Survival = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcdhpokmalcfjnfkjlfncgekebcojinn\1.0_0\
CHR - Extension: WarTime = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkobmjibnppfleogmodpjgocgdbdiikp\1.23_0\
CHR - Extension: Poppit = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Google Play Books = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb\1.1.3_0\
CHR - Extension: HP Product Detection Plugin = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\
CHR - Extension: Crusader Tank = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpegcjgnjllooimlcfdnphhccfnmhfem\1.2.0_0\
CHR - Extension: Baseball (Deluxe) = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbbmhkhnoadhdceaokdofknafciecdea\2.1_0\

O1 HOSTS File: ([2012/04/25 17:41:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (VeriSoft Access Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKCU..\Run: [Desktop Software] C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [Plex Media Server] C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} http://www.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} http://www.ooxtv.com/livetv.ocx (KooPlayer Control)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.cvsphoto.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00F5FC4A-1ADF-4AC4-8EB4-B213ADBF5159}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AAECF98D-936B-4CB8-9F10-9B1C41375907}: DhcpNameServer = 68.87.72.134 68.87.77.134
O20 - AppInit_DLLs: (C:\Windows\System32\APSHook.dll) - C:\Windows\System32\APSHook.dll (Cognizance Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/23 07:05:45 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/01 20:11:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/30 21:35:22 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\pamarj1\Desktop\OTL.exe
[2012/04/28 17:16:05 | 000,000,000 | ---D | C] -- C:\Users\pamarj1\AppData\Roaming\f-secure
[2012/04/28 17:15:32 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2012/04/25 23:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/04/25 18:38:09 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/25 17:46:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/25 17:46:37 | 000,000,000 | ---D | C] -- C:\Users\pamarj1\AppData\Local\temp
[2012/04/25 17:33:46 | 000,000,000 | ---D | C] -- C:\puppy.exe
[2012/04/25 17:27:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMerge
[2012/04/25 17:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\WinMerge
[2012/04/24 17:26:26 | 000,000,000 | ---D | C] -- C:\Users\pamarj1\AppData\Roaming\SUPERAntiSpyware.com
[2012/04/24 17:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/04/24 17:25:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/04/24 17:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/04/23 18:06:03 | 000,000,000 | ---D | C] -- C:\puppy.exe20967p
[2012/04/19 19:13:41 | 004,468,852 | R--- | C] (Swearware) -- C:\Users\pamarj1\Desktop\puppy.exe.exe
[2012/04/12 20:45:57 | 000,000,000 | ---D | C] -- C:\Users\pamarj1\Desktop\antivirus
[2012/04/12 20:45:45 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\pamarj1\Desktop\HijackThis.exe
[2012/04/05 20:32:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/05 20:32:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/05 20:32:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/05 20:31:57 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/05 20:31:54 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/04/05 20:29:48 | 000,000,000 | ---D | C] -- C:\Qoobox

========== Files - Modified Within 30 Days ==========

[2012/05/03 17:35:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{34847377-100D-4463-974F-5B7367A54440}.job
[2012/05/03 17:33:00 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F0F613CC-5E98-44FA-A517-ADA9B4C45F95}.job
[2012/05/03 17:18:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/03 17:16:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/03 17:16:14 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/03 17:16:13 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/03 00:15:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/03 00:01:04 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000UA.job
[2012/05/03 00:01:02 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000Core.job
[2012/05/02 23:42:02 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000UA.job
[2012/05/02 22:42:03 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000Core.job
[2012/05/02 19:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/01 22:29:58 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/30 21:35:44 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\pamarj1\Desktop\OTL.exe
[2012/04/29 03:08:28 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/04/29 03:07:00 | 000,609,800 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/29 03:07:00 | 000,106,324 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/26 20:00:02 | 000,000,550 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - pamarj1.job
[2012/04/25 17:41:48 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/04/24 17:25:51 | 000,001,760 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/20 21:26:58 | 000,002,296 | ---- | M] () -- C:\Users\pamarj1\Desktop\CFScript.rtf
[2012/04/19 19:13:05 | 004,468,852 | R--- | M] (Swearware) -- C:\Users\pamarj1\Desktop\puppy.exe.exe
[2012/04/12 20:54:58 | 000,302,592 | ---- | M] () -- C:\Users\pamarj1\Desktop\2fpcgnjl.exe
[2012/04/12 20:42:14 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\pamarj1\Desktop\HijackThis.exe

========== Files Created - No Company Name ==========

[2012/04/29 03:08:10 | 000,001,786 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/04/24 17:25:51 | 000,001,760 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/20 21:29:20 | 000,002,296 | ---- | C] () -- C:\Users\pamarj1\Desktop\CFScript.rtf
[2012/04/12 20:58:41 | 000,302,592 | ---- | C] () -- C:\Users\pamarj1\Desktop\2fpcgnjl.exe
[2012/04/05 20:32:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/05 20:32:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/05 20:32:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/05 20:32:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/05 20:32:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/23 21:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/12/23 21:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/12/23 21:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/12/23 21:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/12/23 21:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011/03/28 23:32:02 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys

========== LOP Check ==========

[2010/01/12 17:25:39 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\Ansys
[2011/07/27 06:36:15 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\ASUS
[2011/07/27 00:19:18 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\ASUS WebStorage
[2011/07/27 09:14:37 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\ASUS.AF361EFD06694D11175EA8BF6E21597A36AD9F1D.1
[2011/01/09 02:52:56 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\BitTorrent
[2008/09/30 18:48:50 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\BitTorrent DNA
[2011/01/28 01:21:10 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\calibre
[2009/12/25 22:35:44 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\DAEMON Tools Lite
[2010/01/25 04:19:45 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\DNA
[2009/10/28 16:06:05 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\DzSoft
[2011/07/27 00:01:57 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\eCareme
[2012/04/28 17:16:05 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\f-secure
[2011/08/28 21:25:36 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\gtk-2.0
[2009/05/28 08:53:19 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\Lexmark Productivity Studio
[2010/02/18 20:33:21 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\mjusbsp
[2010/11/09 19:42:27 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\Mobipocket
[2011/07/27 09:14:54 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\Outlook
[2012/02/07 13:52:37 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\Samsung
[2012/03/10 11:02:04 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\SystemRequirementsLab
[2008/08/02 16:33:58 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\WildTangent
[2007/12/07 01:06:12 | 000,000,258 | ---- | M] () -- C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
[2012/05/03 00:01:02 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000Core.job
[2012/05/03 00:01:04 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000UA.job
[2010/05/20 18:32:20 | 000,000,508 | ---- | M] () -- C:\Windows\Tasks\Install.job
[2012/05/01 22:27:17 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/05/03 17:35:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{34847377-100D-4463-974F-5B7367A54440}.job
[2012/05/03 17:33:00 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{F0F613CC-5E98-44FA-A517-ADA9B4C45F95}.job

========== Purity Check ==========

< End of report >


----------



## Cookiegal (Aug 27, 2003)

Run OTL again and under the Custom Scans/Fixes box at the bottom, paste in the following:


```
:OTL
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb119/?search={searchTerms}&loc=IB_DS&a=6R8oCjuYer&i=26
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
CHR - default_search_provider: MyStart Search (Enabled)
CHR - default_search_provider: search_url = http://mystart.incredibar.com/mb119/?loc=IB_DS&search={searchTerms}&a=6R8oCjuYer&i=26
```
Click Run Fix and then post the log please.


----------



## ajpnsld (Apr 11, 2012)

Hi Cookiegal,

Following is the log after running OTL with your script.


========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
Prefs.js: "MyStart Search" removed from browser.search.defaultenginename
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.

OTL by OldTimer - Version 3.2.42.2 log created on 05042012_181636


----------



## Cookiegal (Aug 27, 2003)

In Chrome, please change the default search provider to Google (or something else other than IncrediBar).


----------



## ajpnsld (Apr 11, 2012)

Hi Cookiegal

I changed the search engine and the search is going through Google. But the IncrediBar option still shows in the pull-down menu in the options section of Chrome. How do I delete that?


----------



## Cookiegal (Aug 27, 2003)

In that same area, click on "Manage Search Engines" and remove the other option related to IncrediBar. Then exit Chrome and restart the browser and let me know if it's gone.


----------



## ajpnsld (Apr 11, 2012)

After modifying "Manage Search Engines", IncrediBar is not appearing.


----------



## Cookiegal (Aug 27, 2003)

That's good. Please run OTL again and post the log so I can see if there are any other remnants of IncrediBar.


----------



## ajpnsld (Apr 11, 2012)

Hi,

Following is the OTL log:

OTL logfile created on: 5/5/2012 9:43:21 PM - Run 3
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\pamarj1\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.73 Gb Available Physical Memory | 36.75% Memory free
4.22 Gb Paging File | 2.57 Gb Available in Paging File | 60.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.50 Gb Total Space | 7.72 Gb Free Space | 7.46% Space Free | Partition Type: NTFS
Drive D: | 8.29 Gb Total Space | 1.83 Gb Free Space | 22.09% Space Free | Partition Type: NTFS

Computer Name: PAMARJ1-PC | User Name: pamarj1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/30 21:35:44 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\pamarj1\Desktop\OTL.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/03/07 16:27:25 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/02/10 11:28:06 | 000,425,240 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BingBar.exe
PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
PRC - [2012/02/10 11:28:06 | 000,142,104 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\bingsurrogate.exe
PRC - [2011/12/28 00:21:08 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/07/26 22:18:26 | 000,033,360 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe
PRC - [2011/03/30 20:56:06 | 000,406,856 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
PRC - [2011/03/30 20:55:58 | 002,182,984 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe
PRC - [2011/03/07 21:39:36 | 000,341,832 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
PRC - [2009/06/15 21:44:40 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\MAX\nimxs.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/02/16 12:38:54 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2007/06/14 08:15:34 | 000,598,960 | ---- | M] ( ) -- C:\Windows\System32\lxdkcoms.exe
PRC - [2007/03/09 12:50:02 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/02/07 09:30:00 | 000,065,536 | R--- | M] (Cognizance Corporation) -- c:\Program Files\Bioscrypt\VeriSoft\Bin\asghost.exe
PRC - [2007/01/10 06:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/01/05 23:04:10 | 000,554,616 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/01/05 09:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

========== Modules (No Company Name) ==========

MOD - [2012/05/01 22:35:09 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/05/01 22:35:09 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/04/24 17:26:58 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/04/24 17:26:57 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/07/26 22:19:38 | 000,032,848 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
MOD - [2011/07/26 22:19:36 | 000,044,112 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
MOD - [2011/07/26 22:19:36 | 000,016,976 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
MOD - [2011/07/26 22:19:34 | 000,195,664 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\lxml\objectify.pyd
MOD - [2011/07/26 22:19:34 | 000,057,424 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
MOD - [2011/07/26 22:19:32 | 000,841,296 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\Exts\lxml\etree.pyd
MOD - [2011/07/26 22:19:30 | 000,824,912 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_ssl.pyd
MOD - [2011/07/26 22:19:30 | 000,049,744 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_socket.pyd
MOD - [2011/07/26 22:19:28 | 000,033,360 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_multiprocessing.pyd
MOD - [2011/07/26 22:19:26 | 000,365,648 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_hashlib.pyd
MOD - [2011/07/26 22:19:26 | 000,131,152 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_elementtree.pyd
MOD - [2011/07/26 22:19:24 | 000,093,776 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\_ctypes.pyd
MOD - [2011/07/26 22:19:22 | 000,589,904 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\unicodedata.pyd
MOD - [2011/07/26 22:19:22 | 000,016,976 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\select.pyd
MOD - [2011/07/26 22:19:20 | 000,134,224 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\DLLs\pyexpat.pyd
MOD - [2011/07/26 22:19:00 | 000,173,136 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\libxslt.dll
MOD - [2011/07/26 22:18:58 | 001,009,744 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\libxml2.dll
MOD - [2011/07/26 22:18:56 | 000,063,056 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\libexslt.dll
MOD - [2011/07/26 22:18:26 | 000,033,360 | ---- | M] () -- C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe
MOD - [2011/06/23 04:02:06 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/03/29 05:55:05 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011/01/19 05:48:35 | 003,182,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2010/09/02 06:08:00 | 000,118,784 | ---- | M] () -- C:\Program Files\ASUS\ASUS WebStorage\3.0.102.211\AsusWSShellExt.dll
MOD - [2008/10/13 17:26:58 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2008/07/27 13:03:15 | 000,626,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2008/07/27 13:03:14 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2008/07/27 13:03:12 | 000,659,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/04/01 13:45:48 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/03/30 20:56:06 | 000,406,856 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2011/03/07 21:39:36 | 000,341,832 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/23 14:29:48 | 000,740,968 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)
SRV - [2009/06/23 12:23:14 | 001,007,616 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2009/06/18 08:01:50 | 000,356,912 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2009/06/18 07:57:28 | 000,042,544 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Windows\System32\lkads.exe -- (lkClassAds)
SRV - [2009/06/18 07:56:32 | 000,053,296 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Windows\System32\lktsrv.exe -- (lkTimeSync)
SRV - [2009/06/15 21:44:40 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\MAX\nimxs.exe -- (mxssvr)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/06/04 05:14:28 | 000,013,896 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Windows\System32\nisvcloc.exe -- (niSvcLoc)
SRV - [2009/06/03 11:26:34 | 000,098,304 | ---- | M] (OPC Foundation) [Disabled | Stopped] -- C:\Windows\System32\Opcenum.exe -- (OpcEnum)
SRV - [2008/10/31 15:52:54 | 000,695,136 | ---- | M] (National Instruments, Inc.) [On_Demand | Stopped] -- C:\Windows\System32\lkcitdl.exe -- (LkCitadelServer)
SRV - [2008/02/16 12:38:54 | 001,251,720 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/01/29 18:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/14 08:15:34 | 000,598,960 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdkcoms.exe -- (lxdk_device)
SRV - [2007/06/14 08:15:24 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdkserv.exe -- (lxdkCATSCustConnectService)
SRV - [2007/04/23 20:11:44 | 000,106,593 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007/04/23 20:11:42 | 000,262,243 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007/02/07 09:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- c:\Program Files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2007/01/14 08:11:06 | 000,080,504 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2007/01/13 04:40:58 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/01/10 06:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2007/01/10 06:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007/01/10 06:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007/01/10 06:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/01/05 23:04:10 | 002,918,008 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/01/05 23:04:10 | 000,554,616 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/01/05 09:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - [2006/06/22 02:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- c:\Program Files\Bioscrypt\VeriSoft\Bin\ASChnl.dll -- (ASChannel)
SRV - [2006/03/24 16:34:04 | 001,294,336 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\Ansys Inc\Shared Files\Licensing\intel\lmgrd.exe -- (ANSYS FLEXlm license manager)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\pamarj1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aget0x7k)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/12/07 23:22:38 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2011/12/07 23:22:38 | 000,080,184 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/12/17 04:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110319.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/12/17 04:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110319.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/06/17 03:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/06/04 03:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/07 21:54:45 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/12/25 22:16:55 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/05/22 11:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cvintdrv.sys -- (cvintdrv)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/12/01 00:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/12/01 00:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/12/01 00:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/11/06 11:07:18 | 000,180,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20071122.002\IDSvix86.sys -- (IDSvix86)
DRV - [2007/04/14 02:49:32 | 000,418,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/04/03 14:59:30 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616bus.sys -- (s616bus) Sony Ericsson Device 616 driver (WDM)
DRV - [2007/03/28 11:44:22 | 000,140,424 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/03/05 16:28:00 | 000,076,288 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/03/01 07:49:58 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/02/24 09:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 12:03:28 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/01/23 11:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/01/16 23:38:52 | 000,983,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2007/01/09 23:32:14 | 000,191,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2007/01/09 23:32:14 | 000,145,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symfw.sys -- (SYMFW)
DRV - [2007/01/09 23:32:14 | 000,040,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symids.sys -- (SYMIDS)
DRV - [2007/01/09 23:32:14 | 000,038,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symndisv.sys -- (SYMNDISV)
DRV - [2007/01/09 23:32:14 | 000,027,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2007/01/09 23:32:14 | 000,012,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symdns.sys -- (SYMDNS)
DRV - [2006/11/30 12:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/02 02:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006/06/28 11:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{896DB260-1B30-4FF3-B10E-B4961151320C}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{9FD89D22-C60B-4BC2-A131-284E0D766A35}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{A281B9DD-CB64-448D-A1EA-10A689AD2918}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVDUS7
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 6C C5 E7 F2 2A CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{102266F6-EE4B-4F61-B7CF-5CAD12A85595}: "URL" = http://local.yahoo.com/results?stx={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{1FDCD3CD-BAC0-4EFD-94CC-99CEE205D94F}: "URL" = http://images.search.yahoo.com/search/images?p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{4F4F3347-4DD6-4602-94EA-1614B7935E8C}: "URL" = http://shopping.yahoo.com/search?p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{61019A01-5835-47A7-93CF-BEAA83DDC44F}: "URL" = http://answers.yahoo.com/search/search_result?p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{896DB260-1B30-4FF3-B10E-B4961151320C}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKCU\..\SearchScopes\{9384583D-5916-4897-9F46-6C3D989C9917}: "URL" = http://www.bing.com/search?FORM=DMDTDF&PC=VEOH&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{97181CDC-24B1-4748-9601-65BBAC502816}: "URL" = http://news.search.yahoo.com/search/news?p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\{9FD89D22-C60B-4BC2-A131-284E0D766A35}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKCU\..\SearchScopes\{A281B9DD-CB64-448D-A1EA-10A689AD2918}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVDUS7
IE - HKCU\..\SearchScopes\{ADD6BEC9-F897-4477-9B4B-F56FF9288C2B}: "URL" = http://video.yahoo.com/video/search?p={searchTerms}&fr=yessv
IE - HKCU\..\SearchScopes\Comcast: "URL" = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=DMDTDF&PC=VEOH&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:1.4
FF - prefs.js..extensions.enabledItems: {7AF6830F-D3D8-4973-BA4D-74783BE69F62}:1.9.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.5332
FF - prefs.js..extensions.enabledItems: [email protected]:0.78.35
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\pamarj1\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\pamarj1\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\pamarj1\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\pamarj1\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\pamarj1\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\pamarj1\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\pamarj1\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Splashtop\Splashtop Remote\Server\plugin\FFExtensions [2011/07/27 00:20:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/01 13:33:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/01 13:33:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2008/12/20 04:44:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\pamarj1\AppData\Roaming\Move Networks [2009/10/27 13:23:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\pamarj1\Program Files\DNA [2010/01/14 12:10:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{7AF6830F-D3D8-4973-BA4D-74783BE69F62}: C:\Users\pamarj1\AppData\Local\{7AF6830F-D3D8-4973-BA4D-74783BE69F62} [2010/10/12 19:24:04 | 000,000,000 | ---D | M]

[2008/12/18 23:20:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Extensions
[2012/05/02 17:54:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions
[2011/12/10 11:48:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/10 11:48:19 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2007/12/07 22:03:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/12/10 11:48:27 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012/04/01 14:01:22 | 000,000,000 | ---D | M] ("Premiumplay Codec-C") -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]
[2009/04/27 22:44:47 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]
[2009/03/17 18:58:47 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\extensions\[email protected]
[2010/11/14 00:10:35 | 000,001,832 | ---- | M] () -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\searchplugins\bing.xml
[2012/04/01 13:34:03 | 000,002,203 | ---- | M] () -- C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\searchplugins\MyStart Search.xml
[2012/04/29 23:22:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/27 00:20:38 | 000,000,000 | ---D | M] (Splashtop Remote) -- C:\PROGRAM FILES\SPLASHTOP\SPLASHTOP REMOTE\SERVER\PLUGIN\FFEXTENSIONS
[2008/12/20 04:44:19 | 000,000,000 | ---D | M] (Veoh Web Player Video Finder) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOHWEBPLAYER\FFVIDEOFINDER
[2010/10/12 19:24:04 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\PAMARJ1\APPDATA\LOCAL\{7AF6830F-D3D8-4973-BA4D-74783BE69F62}
[2009/10/27 13:23:27 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\PAMARJ1\APPDATA\ROAMING\MOVE NETWORKS
[2007/08/29 16:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2007/02/08 11:48:16 | 000,028,448 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\NPLV82Win32.dll
[2009/06/23 20:40:40 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\nplv90win32.dll
[2011/11/01 16:55:05 | 000,001,692 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\comcast.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\pamarj1\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\pamarj1\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\pamarj1\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: HP Product Detection Plugin for Mozilla (Enabled) = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\plugins/npProductDetectPlugin.dll
CHR - plugin: HP Active Check Plugin (Enabled) = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\plugins/npAclmPlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.150.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U15 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: BitTorrent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
CHR - plugin: DivX\u00AE Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: National Instruments LabVIEW 8.2 Netscape Plug-in for Windows (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPLV82Win32.dll
CHR - plugin: National Instruments LabVIEW 9.0 Netscape Plug-in for Windows (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nplv90win32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\pamarj1\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\pamarj1\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: Veoh Web Player Beta (Enabled) = C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\pamarj1\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\pamarj1\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Entanglement = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Angry Birds = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Word Search Puzzle = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\alcobafdkcddhiabfgnongafffchimnl\1.2_0\
CHR - Extension: SKiD Racer = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhoaojooagiaaiidlnfhkkafjpbbnnno\0.0.0.37_0\
CHR - Extension: WGT Golf Challenge = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcilimldmomiaihcfkmaldanopfejefg\32.1.0_0\
CHR - Extension: Final Fight = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpegianedjonaeafilbagbcbcimjifai\0.0.0.1_0\
CHR - Extension: AdBlock = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.32_0\
CHR - Extension: Monster Truck Racing = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjmcfmephihmhendkenhfmnkfoakedhi\1.0_0\
CHR - Extension: Air Hockey = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcchbhjknakkndfpdbapmdkhbbgojkno\2.0_0\
CHR - Extension: Codec-V = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.17.48_0\
CHR - Extension: Steambirds: Survival = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcdhpokmalcfjnfkjlfncgekebcojinn\1.0_0\
CHR - Extension: WarTime = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkobmjibnppfleogmodpjgocgdbdiikp\1.23_0\
CHR - Extension: Poppit = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Google Play Books = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb\1.1.3_0\
CHR - Extension: HP Product Detection Plugin = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\
CHR - Extension: Crusader Tank = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpegcjgnjllooimlcfdnphhccfnmhfem\1.2.0_0\
CHR - Extension: Baseball (Deluxe) = C:\Users\pamarj1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbbmhkhnoadhdceaokdofknafciecdea\2.1_0\

O1 HOSTS File: ([2012/04/25 17:41:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (VeriSoft Access Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKCU..\Run: [Desktop Software] C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [Plex Media Server] C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} http://www.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} http://www.ooxtv.com/livetv.ocx (KooPlayer Control)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.cvsphoto.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00F5FC4A-1ADF-4AC4-8EB4-B213ADBF5159}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AAECF98D-936B-4CB8-9F10-9B1C41375907}: DhcpNameServer = 68.87.72.134 68.87.77.134
O20 - AppInit_DLLs: (C:\Windows\System32\APSHook.dll) - C:\Windows\System32\APSHook.dll (Cognizance Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/23 07:05:45 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/01 20:11:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/30 21:35:22 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\pamarj1\Desktop\OTL.exe
[2012/04/28 17:16:05 | 000,000,000 | ---D | C] -- C:\Users\pamarj1\AppData\Roaming\f-secure
[2012/04/28 17:15:32 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2012/04/25 23:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/04/25 18:38:09 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/25 17:46:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/25 17:46:37 | 000,000,000 | ---D | C] -- C:\Users\pamarj1\AppData\Local\temp
[2012/04/25 17:33:46 | 000,000,000 | ---D | C] -- C:\puppy.exe
[2012/04/25 17:27:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMerge
[2012/04/25 17:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\WinMerge
[2012/04/24 17:26:26 | 000,000,000 | ---D | C] -- C:\Users\pamarj1\AppData\Roaming\SUPERAntiSpyware.com
[2012/04/24 17:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/04/24 17:25:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/04/24 17:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/04/23 18:06:03 | 000,000,000 | ---D | C] -- C:\puppy.exe20967p
[2012/04/19 19:13:41 | 004,468,852 | R--- | C] (Swearware) -- C:\Users\pamarj1\Desktop\puppy.exe.exe
[2012/04/12 20:45:57 | 000,000,000 | ---D | C] -- C:\Users\pamarj1\Desktop\antivirus
[2012/04/12 20:45:45 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\pamarj1\Desktop\HijackThis.exe

========== Files - Modified Within 30 Days ==========

[2012/05/05 21:53:00 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F0F613CC-5E98-44FA-A517-ADA9B4C45F95}.job
[2012/05/05 21:50:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{34847377-100D-4463-974F-5B7367A54440}.job
[2012/05/05 21:42:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000UA.job
[2012/05/05 21:18:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/05 21:15:01 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/05 21:07:41 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/05 21:07:41 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/05 21:07:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/05 15:01:01 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000UA.job
[2012/05/04 19:15:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/04 00:01:02 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000Core.job
[2012/05/03 22:42:04 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000Core.job
[2012/05/03 20:00:04 | 000,000,550 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - pamarj1.job
[2012/05/01 22:29:58 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/30 21:35:44 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\pamarj1\Desktop\OTL.exe
[2012/04/29 03:08:28 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/04/29 03:07:00 | 000,609,800 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/29 03:07:00 | 000,106,324 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/25 17:41:48 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/04/24 17:25:51 | 000,001,760 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/20 21:26:58 | 000,002,296 | ---- | M] () -- C:\Users\pamarj1\Desktop\CFScript.rtf
[2012/04/19 19:13:05 | 004,468,852 | R--- | M] (Swearware) -- C:\Users\pamarj1\Desktop\puppy.exe.exe
[2012/04/12 20:54:58 | 000,302,592 | ---- | M] () -- C:\Users\pamarj1\Desktop\2fpcgnjl.exe
[2012/04/12 20:42:14 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\pamarj1\Desktop\HijackThis.exe

========== Files Created - No Company Name ==========

[2012/04/29 03:08:10 | 000,001,786 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/04/24 17:25:51 | 000,001,760 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/20 21:29:20 | 000,002,296 | ---- | C] () -- C:\Users\pamarj1\Desktop\CFScript.rtf
[2012/04/12 20:58:41 | 000,302,592 | ---- | C] () -- C:\Users\pamarj1\Desktop\2fpcgnjl.exe
[2012/04/05 20:32:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/05 20:32:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/05 20:32:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/05 20:32:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/05 20:32:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/23 21:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/12/23 21:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/12/23 21:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/12/23 21:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/12/23 21:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011/03/28 23:32:02 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys

========== LOP Check ==========

[2010/01/12 17:25:39 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\Ansys
[2011/07/27 06:36:15 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\ASUS
[2011/07/27 00:19:18 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\ASUS WebStorage
[2011/07/27 09:14:37 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\ASUS.AF361EFD06694D11175EA8BF6E21597A36AD9F1D.1
[2011/01/09 02:52:56 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\BitTorrent
[2008/09/30 18:48:50 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\BitTorrent DNA
[2011/01/28 01:21:10 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\calibre
[2009/12/25 22:35:44 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\DAEMON Tools Lite
[2010/01/25 04:19:45 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\DNA
[2009/10/28 16:06:05 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\DzSoft
[2011/07/27 00:01:57 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\eCareme
[2012/04/28 17:16:05 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\f-secure
[2011/08/28 21:25:36 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\gtk-2.0
[2009/05/28 08:53:19 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\Lexmark Productivity Studio
[2010/02/18 20:33:21 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\mjusbsp
[2010/11/09 19:42:27 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\Mobipocket
[2011/07/27 09:14:54 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\Outlook
[2012/02/07 13:52:37 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\Samsung
[2012/03/10 11:02:04 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\SystemRequirementsLab
[2008/08/02 16:33:58 | 000,000,000 | ---D | M] -- C:\Users\pamarj1\AppData\Roaming\WildTangent
[2007/12/07 01:06:12 | 000,000,258 | ---- | M] () -- C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
[2012/05/04 00:01:02 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000Core.job
[2012/05/05 15:01:01 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000UA.job
[2010/05/20 18:32:20 | 000,000,508 | ---- | M] () -- C:\Windows\Tasks\Install.job
[2012/05/01 22:27:17 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/05/05 21:50:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{34847377-100D-4463-974F-5B7367A54440}.job
[2012/05/05 21:53:00 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{F0F613CC-5E98-44FA-A517-ADA9B4C45F95}.job

========== Purity Check ==========

< End of report >


----------



## Cookiegal (Aug 27, 2003)

Please remove ComboFix by dragging it to the Recycle Bin and grab the latest version.

Please visit *Combofix Guide & Instructions* for instructions for downloading ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Open Notepad and copy and paste the text in the code box below into it:


```
File::
C:\Users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\searchplugins\MyStart Search.xml
```
Save the file to your desktop and name it CFScript.txt

Referring to the picture below, drag CFScript.txt into ComboFix.exe

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.


----------



## ajpnsld (Apr 11, 2012)

Hi,

Following is the log after copying your script:

ComboFix 12-05-06.03 - pamarj1 05/06/2012 21:18:36.5.2 - x86
Microsoft® Windows Vista Home Premium 6.0.6001.1.1252.1.1033.18.2038.726 [GMT -5:00]
Running from: c:\users\pamarj1\Desktop\puppy.exe
Command switches used :: c:\users\pamarj1\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\searchplugins\MyStart Search.xml"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\puppy.exe
c:\puppy.exe\PEV.exe
c:\puppy.exe\snapshot.00.dat
c:\users\pamarj1\AppData\Local\{7AF6830F-D3D8-4973-BA4D-74783BE69F62}
c:\users\pamarj1\AppData\Local\{7AF6830F-D3D8-4973-BA4D-74783BE69F62}\chrome.manifest
c:\users\pamarj1\AppData\Local\{7AF6830F-D3D8-4973-BA4D-74783BE69F62}\chrome\content\overlay.xul
c:\users\pamarj1\AppData\Local\{7AF6830F-D3D8-4973-BA4D-74783BE69F62}\install.rdf
.
.
((((((((((((((((((((((((( Files Created from 2012-04-07 to 2012-05-07 )))))))))))))))))))))))))))))))
.
.
2012-05-07 02:34 . 2012-05-07 02:34	--------	d-----w-	c:\users\pamarj1\AppData\Local\temp
2012-05-07 02:34 . 2012-05-07 02:34	--------	d-----w-	c:\users\Public\AppData\Local\temp
2012-05-07 02:34 . 2012-05-07 02:34	--------	d-----w-	c:\users\Guest\AppData\Local\temp
2012-05-07 02:34 . 2012-05-07 02:34	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-05-07 02:34 . 2012-05-07 02:34	--------	d-----w-	c:\users\257\AppData\Local\temp
2012-05-06 15:40 . 2012-05-06 15:40	56200	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A0DDDB5F-EC8D-4985-9393-32839EC4F371}\offreg.dll
2012-05-06 15:40 . 2012-05-06 15:40	29904	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A0DDDB5F-EC8D-4985-9393-32839EC4F371}\MpKslf78851f8.sys
2012-05-06 15:36 . 2012-04-13 07:36	6734704	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A0DDDB5F-EC8D-4985-9393-32839EC4F371}\mpengine.dll
2012-05-05 17:14 . 2012-04-13 07:36	6734704	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-02 01:11 . 2012-05-02 01:11	--------	d-----w-	C:\_OTL
2012-04-28 22:16 . 2012-04-28 22:16	--------	d-----w-	c:\users\pamarj1\AppData\Roaming\f-secure
2012-04-28 22:15 . 2012-04-28 22:15	--------	d-----w-	c:\programdata\F-Secure
2012-04-26 04:56 . 2012-04-26 04:56	--------	d-----w-	c:\program files\ESET
2012-04-25 22:27 . 2012-04-25 22:27	--------	d-----w-	c:\program files\WinMerge
2012-04-24 22:26 . 2012-04-24 22:26	--------	d-----w-	c:\users\pamarj1\AppData\Roaming\SUPERAntiSpyware.com
2012-04-24 22:25 . 2012-04-24 22:26	--------	d-----w-	c:\program files\SUPERAntiSpyware
2012-04-24 22:25 . 2012-04-24 22:25	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-01 18:45 . 2012-04-01 18:45	418464	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-04-01 18:45 . 2011-06-30 22:49	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-21 01:44 . 2012-03-21 01:44	74112	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 01:44 . 2012-03-21 01:44	171064	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2012-02-24 01:53 . 2012-02-24 02:00	713784	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5D32082A-F433-45EC-9E2D-1A4F880398CE}\gapaengine.dll
2012-02-07 16:02 . 2012-02-07 16:02	1070352	----a-w-	c:\windows\system32\MSCOMCTL.OCX
2007-02-08 16:48 . 2007-02-08 16:48	133920	----a-w-	c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2009-06-24 01:41 . 2009-06-24 01:41	158720	----a-w-	c:\program files\internet explorer\plugins\LV90ActiveXControl.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-02-10 16:28	1307928	----a-w-	c:\program files\Microsoft\BingBar\7.1.361.0\BingExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{eec0f710-38b5-4aba-99bf-ec87564a4e13}"= "c:\program files\Microsoft\BingBar\7.1.361.0\BingExt.dll" [2012-02-10 1307928]
.
[HKEY_CLASSES_ROOT\clsid\{eec0f710-38b5-4aba-99bf-ec87564a4e13}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
"Plex Media Server"="c:\program files\Plex\Plex Media Server\Plex Media Server.exe" [2011-07-27 2495056]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-22 39408]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-12-28 937360]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-12-28 21392]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-14 221184]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 4390912]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-12-28 3508624]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-05 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-05 150552]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-14 81920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
.
c:\users\pamarj1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54	551296	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06	976832	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04	35760	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Sync Loader]
2011-05-11 19:14	638976	----a-w-	c:\program files\ASUS\ASUS Sync\asusUPCTLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSWebStorage]
2011-06-08 07:09	737104	----a-w-	c:\program files\ASUS\ASUS WebStorage\3.0.102.211\AsusWSPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-11-13 14:14	323392	----a-w-	c:\users\pamarj1\Program Files\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2007-01-10 11:59	115816	----a-w-	c:\program files\Common Files\Symantec Shared\ccApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2010-01-19 23:55	50520	----a-w-	c:\users\pamarj1\AppData\Roaming\mjusbsp\cdloader2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CognizanceTS]
2003-12-22 18:12	17920	----a-r-	c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57	369200	----a-w-	c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2011-11-06 04:55	137536	----atw-	c:\users\pamarj1\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
2007-12-17 17:12	243240	----a-w-	c:\program files\Windows Live\Family Safety\fssui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-11-02 13:57	135664	----atw-	c:\users\pamarj1\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22	3739648	----a-w-	c:\users\pamarj1\AppData\Roaming\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-27 00:36	30040	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-03-05 17:06	173592	----a-w-	c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-10-09 12:58	75008	----a-w-	c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-06-05 00:03	186904	----a-w-	c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-03-05 17:06	141848	----a-w-	c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-09-10 22:40	289576	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdkamon]
2007-06-01 13:06	20480	----a-w-	c:\program files\Lexmark 5300 Series\lxdkamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdkmon.exe]
2007-06-22 08:17	455344	----a-w-	c:\program files\Lexmark 5300 Series\lxdkmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2008-11-06 03:59	4347120	----a-w-	c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-10-18 17:34	5724184	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-03-05 17:06	150552	----a-w-	c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2007-02-13 18:38	159744	----a-w-	c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-04-24 01:11	176128	----a-w-	c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 20:09	413696	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBC_McciTrayApp]
2007-02-28 19:35	1011200	----a-w-	c:\program files\SBC\update\SST.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-19 07:33	1233920	----a-w-	c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2007-01-17 04:34	634880	----a-w-	c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-09-18 19:27	149280	----a-w-	c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-22 03:14	39408	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2010-07-06 14:01	2634048	----a-w-	c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-04-10 17:29	37888	----a-w-	c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2008-11-06 03:59	4347120	----a-w-	c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 253600]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
*NewlyCreated* - MPKSLF78851F8
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance	REG_MULTI_SZ ASBroker ASChannel
vvdsvc	REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 18:45]
.
2007-12-07 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 17:20]
.
2012-05-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000Core.job
- c:\users\pamarj1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-06 04:55]
.
2012-05-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000UA.job
- c:\users\pamarj1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-06 04:55]
.
2012-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-02 18:52]
.
2012-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-02 18:52]
.
2012-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000Core.job
- c:\users\pamarj1\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-23 13:57]
.
2012-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-358495213-3537462999-3419443030-1000UA.job
- c:\users\pamarj1\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-23 13:57]
.
2010-05-20 c:\windows\Tasks\Install.job
- c:\windows\System32\Adobe\Shockwave 11\nssstub.exe [2010-04-26 20:47]
.
2012-05-04 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - pamarj1.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-14 15:09]
.
2012-05-07 c:\windows\Tasks\User_Feed_Synchronization-{34847377-100D-4463-974F-5B7367A54440}.job
- c:\windows\system32\msfeedssync.exe [2011-06-15 04:32]
.
2012-05-07 c:\windows\Tasks\User_Feed_Synchronization-{F0F613CC-5E98-44FA-A517-ADA9B4C45F95}.job
- c:\windows\system32\msfeedssync.exe [2011-06-15 04:32]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DMDTDF&PC=VEOH&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Premiumplay Codec-C: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Veoh Web Player Video Finder: [email protected] - c:\program files\Veoh Networks\VeohWebPlayer\FFVideoFinder
FF - Ext: Move Media Player: [email protected] - c:\users\pamarj1\AppData\Roaming\Move Networks
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Splashtop Remote: [email protected] - c:\program files\Splashtop\Splashtop Remote\Server\plugin\FFExtensions
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-06 21:34
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-05-06 21:39:31
ComboFix-quarantined-files.txt 2012-05-07 02:39
ComboFix2.txt 2012-04-25 22:46
ComboFix3.txt 2012-04-23 23:48
ComboFix4.txt 2012-04-20 00:56
ComboFix5.txt 2012-05-07 02:14
.
Pre-Run: 7,328,002,048 bytes free
Post-Run: 7,309,103,104 bytes free
.
- - End Of File - - AA3A696FD24A814DCF8E2EB820FCB0A2


----------



## Cookiegal (Aug 27, 2003)

It doesn't look like the file was deleted.

Please navigate to this folder (you may have to unhide files/folders if not already set that way):

c:\users\pamarj1\AppData\Roaming\Mozilla\Firefox\Profiles\hr7z8ah5.default\*searchplugins*

Open the searchplugins folder and let me know if you see this file still there:

MyStart Search.xml


----------



## ajpnsld (Apr 11, 2012)

Hi

I can still see that file there. Do you want me to delete it manually?


----------



## Cookiegal (Aug 27, 2003)

Yes, please do that and then post a new HijackThis log.


----------



## ajpnsld (Apr 11, 2012)

Hi cookiegal

I have posted the HijackThis log below:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:14:12 PM, on 5/8/2012
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19088)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxdkcoms.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Microsoft\BingBar\7.1.361.0\BingBar.exe
C:\Program Files\Microsoft\BingBar\7.1.361.0\BingSurrogate.exe
C:\Program Files\Microsoft\BingBar\7.1.361.0\BingSurrogate.exe
C:\Program Files\Microsoft\BingBar\7.1.361.0\BingSurrogate.exe
C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\explorer.exe
C:\Users\pamarj1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\pamarj1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\pamarj1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\pamarj1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\pamarj1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\pamarj1\Desktop\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\pamarj1\AppData\Local\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - "C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Desktop Software] "C:\Program Files\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
O4 - HKCU\..\Run: [Plex Media Server] "C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.ooxtv.com/livetv.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} (Photo Upload Plugin Class) - http://www.cvsphoto.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\Windows\System32\APSHook.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\system32\lkcitdl.exe
O23 - Service: lxdkCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdkserv.exe
O23 - Service: lxdk_device - - C:\Windows\system32\lxdkcoms.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Splashtop® Remote Service (SplashtopRemoteService) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
O23 - Service: Splashtop Software Updater Service (SSUService) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 16287 bytes


----------



## Cookiegal (Aug 27, 2003)

Here are some final instructions for you.

*Follow these steps to uninstall ComboFix and all of its files and components.*

Click *START* then *RUN*
Now type *ComboFix /uninstall* in the run box and click *OK*. Note the *space* between the *x* and the *u*, it needs to be there. The screenshot says "ComboFix /u" but this has been changed so please type the command as indicated above.

Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

Click on the Start button to open your Start Menu. 
Click on the Control Panel menu option.
Click on the System and Maintenance menu option.
Click on the System menu option.
Click on System Protection in the left-hand task list.

You will now be at the System Protection tab in the System control panel.

Clear the check box next to the disk to turn off System Protection, and then click OK. This will flush out all previous restore points.

Now select the check box next to the disk, and then click OK to turn system restore back on.

Now create a new restore point. Click on the Create button. When you press this button a prompt will appear asking you to provide a title for this manual restore point.

Type in a title for the manual restore point and press the Create button. Vista will now create a manual restore point, and when completed, display a notice saying that it was created successfully.

You should trim down your start-ups (these show as the O4 entries in your HijackThis log) as there are too many running. You can research them at these sites and if they aren't required at start-up then you can uncheck them in the msconfig utility. To do that click the "Start" button and then type *msconfig* in *Search* and press Enter.

http://www.systemlookup.com/lists.php?list=2
http://www.bleepingcomputer.com/startups/
http://www.windowsstartup.com/wso/index.php
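
To get the list of start-up entries to research out of a HijackThis log, the O4 lines can be parsed mechanically. The following is an added example, not part of the original posts and not code from HijackThis; the function names and record fields are made up for illustration, the sample lines are copied from the log in this thread, and only HKLM/HKCU registry lines and Startup-folder lines are handled.

```python
import re

# Sample lines copied from the HijackThis log in this thread; the O23 line is noise to skip.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

REG_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.*?)\] (.+)$')
DIR_RE = re.compile(r'^O4 - ((?:Global )?Startup): (.+?) = (.+)$')
IMAGE_RE = re.compile(r'^"([^"]+)"|^(.*?\.(?:exe|com|bat|cmd|scr))(?=\s|$)', re.I)

def image_path(command):
    """Executable part of a start-up command, without its arguments."""
    m = IMAGE_RE.match(command)
    return (m.group(1) or m.group(2)) if m else command

def parse_o4(log_text):
    """Turn the O4 (auto-start) lines of a HijackThis log into records."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        reg, folder = REG_RE.match(line), DIR_RE.match(line)
        if reg:
            hive, key, name, command = reg.groups()
            location = f"{hive}\\{key}"
        elif folder:
            location, name, command = folder.groups()
        else:
            continue  # not an O4 entry (or a form this example does not handle)
        image = image_path(command)
        entries.append({
            "location": location,
            "name": name,
            "image": image,
            # No directory part: the log alone does not say which file on disk runs.
            "bare_name": "\\" not in image,
        })
    return entries

if __name__ == "__main__":
    for e in parse_o4(SAMPLE_LOG):
        flag = "  <- no path in log" if e["bare_name"] else ""
        print(f'{e["location"]:14} {e["name"]:45} {e["image"]}{flag}')
```

The `name` and `image` columns are what the start-up lookup sites listed above are searched by.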


----------



## ajpnsld (Apr 11, 2012)

Hi cookiegal

I apologize for the delayed reply. Thanks a lot for helping me clean my system. I appreciate your patience and time with my problem.


----------



## Cookiegal (Aug 27, 2003)

It was my pleasure.


----------

